CVE-2026-31497
Published: Apr 22, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with data->sco_num - 1 without first constraining sco_num to the number of available table entries. While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected baac6276c0a9f36f1fe1f00590ef00d2ba5ba626 - < 312c4450fe23014665c163f480edd5ad2e27bbb8affected baac6276c0a9f36f1fe1f00590ef00d2ba5ba626 - < 9dd13a8641de79bc1bc93da55cdd35259a002683affected baac6276c0a9f36f1fe1f00590ef00d2ba5ba626 - < 476c9262b430c38c6a701a3b8176a3f48689085baffected baac6276c0a9f36f1fe1f00590ef00d2ba5ba626 - < 6fba3c3d48c927e55611a0f5ea34da88138ed0ffaffected baac6276c0a9f36f1fe1f00590ef00d2ba5ba626 - < 834cf890d2c3d29cbfa1ee2376c40469c28ec297+3 more versions |
Linux | Linux | affected 5.8unaffected 0 - < 5.8unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now