VDB

CVE-2026-31497

CVE-2026-31497 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with data->sco_num - 1 without first constraining sco_num to the number of available table entries. While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].

EPSS 0.02% · 3.4th percentile

Risk Scores

EPSS Score
0.02%
3.4th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel5.8, 5.8, 5.8
LinuxLinuxbaac6276c0a9f36f1fe1f00590ef00d2ba5ba626, baac6276c0a9f36f1fe1f00590ef00d2ba5ba626, baac6276c0a9f36f1fe1f00590ef00d2ba5ba626

Timeline

  • Apr 22, 2026 CVE Published
  • Apr 23, 2026 Security Advisory
  • Apr 28, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›