CVE-2026-31771: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: move wake reason storage into
Summary
A vulnerability in the Linux kernel's Bluetooth handler allowed short HCI event frames (data packets sent over Bluetooth) to bypass safety checks before reaching memory copying functions. The fix moves the storage of wake reason addresses into individual event handlers that already perform proper length validation, ensuring all bounds checks run before any data is processed.
Solution / Mitigation
Move hci_store_wake_reason() calls from the general event handler into nine specific event handlers (hci_conn_request_evt, hci_conn_complete_evt, hci_sync_conn_complete_evt, le_conn_complete_evt, hci_le_adv_report_evt, hci_le_ext_adv_report_evt, hci_le_direct_adv_report_evt, hci_le_pa_sync_established_evt, and hci_le_past_received_evt) where event-length validation has already succeeded. Convert hci_store_wake_reason() into a helper that only stores validated addresses while holding hci_dev_lock(), and annotate it with __must_hold(&hdev->lock) and lockdep_assert_held(&hdev->lock) to enforce the lock requirement.
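The ordering this fix enforces (length check inside the per-event handler, then storage of the address under the lock) can be modelled in user space. This is an added example, not the kernel patch: `struct dev`, `store_wake_addr`, `handle_conn_complete` and the event layout are hypothetical stand-ins, and the sample frame is constructed.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ADDR_LEN 6   /* Bluetooth device address length in bytes */
/* User-space model with hypothetical names; this is not kernel code. */
struct dev {
    int     locked;              /* stands in for hdev->lock */
    int     wake_valid;          /* 1 once a validated address is stored */
    uint8_t wake_addr[ADDR_LEN];
};

/* Constructed event layout: status, 2-byte handle, 6-byte address. */
struct conn_complete_ev {
    uint8_t status;
    uint8_t handle[2];
    uint8_t bdaddr[ADDR_LEN];
};

/* Helper: stores an address the caller already validated, lock held. */
static void store_wake_addr(struct dev *d, const uint8_t *addr)
{
    assert(d->locked);           /* models lockdep_assert_held() */
    memcpy(d->wake_addr, addr, ADDR_LEN);
    d->wake_valid = 1;
}

/* Per-event handler: length is checked before any field is read.
 * Returns 0 on success, -1 when the frame is shorter than the event. */
int handle_conn_complete(struct dev *d, const uint8_t *data, size_t len)
{
    const struct conn_complete_ev *ev = (const void *)data;
    if (len < sizeof(*ev))
        return -1;               /* short frame: nothing is copied */
    d->locked = 1;
    store_wake_addr(d, ev->bdaddr);
    d->locked = 0;
    return 0;
}

int main(void)
{
    /* Constructed sample frame, not captured traffic. */
    const uint8_t frame[9] = {0, 1, 0, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
    struct dev d = {0};
    int ok = handle_conn_complete(&d, frame, sizeof(frame)) == 0 &&
             handle_conn_complete(&d, frame, 4) == -1;
    return ok ? 0 : 1;
}
```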
Vulnerability Details
EPSS: 0.0%
May 1, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31771
First tracked: May 1, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 95%