CVE-2026-31773

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Bluetooth Security Manager Protocol (SMP) where the legacy responder path in the smp random() function incorrectly labels the stored Short Term Key (STK) as authenticated whenever the pending sec level is set to BT SECURITY HIGH. This occurs regardless of whether the pairing flow actually achieved authentication. For Just Works or Confirm legacy pairing, the SMP FLAG MITM AUTH remains clear, meaning the resulting STK should be unauthenticated even if high security was requested. This discrepancy causes key metadata to mismatch the actual pairing result.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.