Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026

CVE-2026-31623

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers.

Drop the skb and increment the length error when the frag limit is reached. This matches the same fix that commit f0813bcd2d9d ("net: wwan: t7xx: fix potential skb->frags overflow in RX path") did for the t7xx driver.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=2.6.31,<6.6.136

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

5.5/ 10

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Probability of exploitation in the next 30 days.

0.01%

VYPR risk score

Composite of severity, exploitation, and reach.

0.36medium

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE ID

CVE-2026-31623