Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-651u-f45c-57de
Vulnerability ID VCID-651u-f45c-57de
Aliases CVE-2026-31497
Summary In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with data->sco_num - 1 without first constraining sco_num to the number of available table entries. While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31497.json
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-31497
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-31497
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2026-31497
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2026-31497
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31497.json
https://api.first.org/data/v1/epss?cve=CVE-2026-31497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31497
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2460657 https://bugzilla.redhat.com/show_bug.cgi?id=2460657
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31497.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02304
EPSS Score 0.00013
Published At April 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-23T05:41:06.658088+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.4.0