SB2026050274 - Improper Authentication in Linux kernel bluetooth
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authentication (CVE-ID: CVE-2026-31773)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass authentication requirements.
The vulnerability exists due to improper authentication state handling in the Bluetooth SMP legacy responder STK handling in smp_random() when processing Just Works or Confirm legacy pairing. A remote attacker can initiate a legacy pairing sequence that results in an unauthenticated STK being stored as authenticated to bypass authentication requirements.
The issue affects the legacy responder path and occurs when high security is requested but the pairing flow does not achieve MITM authentication.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/061ee71ac6b03c9f8432fe49538c3682bfcf4cf3
- https://git.kernel.org/stable/c/0afc846bd80073ffcd2b8040f2b2fafaea3d9f72
- https://git.kernel.org/stable/c/20756fec2f0108cb88e815941f1ffff88dc286fe
- https://git.kernel.org/stable/c/667f44f1392df6482483756458c48670e579e9ff
- https://git.kernel.org/stable/c/929db734d12db41ca5f95424db4612397f1bd4a7
- https://git.kernel.org/stable/c/9a38659a3d06080715691bd3139f9c4b61f688e3
- https://git.kernel.org/stable/c/9a6d0db176f082685e0b6149700c0baf3ce2aa8b
- https://git.kernel.org/stable/c/b1c6a8e554a39b222c0879a288ea98e338fc4d77