CVE-2026-31497

A flaw was found in the Linux kernel's Bluetooth USB btusb driver. An attacker with control over Bluetooth connections could trigger an out-of-bounds read in the btusbwork function. This occurs because the function, which maps active Synchronous Connection-Oriented SCO links to USB alternate...

CVE-2026-31497

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusbwork maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup current...

CVE-2026-31497

The CVE-2026-31497 entry concerns the Linux kernel Bluetooth USB (btusb) driver. The issue arises in btusb_work(), which maps the number of active SCO links to USB alternate settings using a three-entry table. It indexes alts[] with data->sco_num - 1 without constraining sco_num to the number ...

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusbwork maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup current...

PT-2026-34402

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the Bluetooth component, the btusb work function maps the number of active SCO links to USB alternate settings using a three-entry lookup table when CVSD traffic uses transparent voic...

Linux Distros Unpatched Vulnerability : CVE-2026-31497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: btusb: clamp SCO altsetting table indices btusbwork maps the number of active SCO links to USB alternate settings through a three-entry lookup table...