GHSA-vm8r-x97v-544j · 深刻度: high — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects what the local service requested, not what the pairing flow actually achieved. For Just Works/Confirm legacy pairing, SMP_FLAG_MITM_AUTH stays clear and the resulting STK should remain unauthenticated even if the local side requested HIGH security. Use the established MITM state when storing the responder STK so the key metadata matches the pairing result. This also keeps the legacy path aligned with the Secure Connections code, which already treats JUST_WORKS/JUST_CFM as unauthenticated.
総合評価: CVE-2026-31773 は中リスク(42.3/100)。CVSS 深刻度は高。悪用される可能性が高い(EPSS 0.28%、20 パーセンタイル) 推奨対応: 影響資産を整理し、修補計画に組み込んでください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.06% | 0.28% | +0.22% |
| 2 | 2026-05-26 | 0.05% | 0.06% | +0.01% |
| 3 | 2026-05-02 | — | 0.05% | — |
EPSS の全履歴 (全 3 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
GHSA-vm8r-x97v-544j · 深刻度: high — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2026-31773 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2026-31773 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2026-31773 |
suse
|
medium | CVE-2026-31773 severity moderate: SUSE including 17 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 57 product×package rows across 14 product lines (SUSE Linux Enterprise High Availability Extension 15 SP7, SUSE Linux Enterprise Live Patching 15 SP7, … (14 product lines)): Known Not Affected 57. | https://www.suse.com/security/cve/CVE-2026-31773/ |
ubuntu
|
medium | CVE-2026-31773 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1047, ignored 173, needed 130, released 84, not-affected 10, needs-triage 5. | https://ubuntu.com/security/CVE-2026-31773 |
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| linux | linux_kernel | >= 3.15.5, < 3.16 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 3.16.1, < 5.10.253 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.11, < 5.15.203 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.16, < 6.1.168 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.6.134 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.7, < 6.12.81 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.13, < 6.18.22 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.19, < 6.19.12 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 3.16 | cpe:2.3:o:linux:linux_kernel:3.16:-:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |