CVE-2026-31497

Source
https://cve.org/CVERecord?id=CVE-2026-31497
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31497.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31497
Downstream
Published
2026-04-22T13:54:19.051Z
Modified
2026-06-18T03:56:31.892350869Z
Summary
Bluetooth: btusb: clamp SCO altsetting table indices
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: clamp SCO altsetting table indices

btusbwork() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with data->sconum - 1 without first constraining sco_num to the number of available table entries.

While the table only defines alternate settings for up to three SCO links, data->sconum comes from hciconn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31497.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
baac6276c0a9f36f1fe1f00590ef00d2ba5ba626
Fixed
312c4450fe23014665c163f480edd5ad2e27bbb8
Fixed
9dd13a8641de79bc1bc93da55cdd35259a002683
Fixed
476c9262b430c38c6a701a3b8176a3f48689085b
Fixed
6fba3c3d48c927e55611a0f5ea34da88138ed0ff
Fixed
834cf890d2c3d29cbfa1ee2376c40469c28ec297
Fixed
1019028eb124564cf7bca58a16f1df8a1ca30726
Fixed
21c254202f9d78abe0fcd642a92966deb92bd226
Fixed
129fa608b6ad08b8ab7178eeb2ec272c993aaccc

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31497.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.8.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.168
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.131
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31497.json"