CVE-2026-31748
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: me_daq: Fix potential overrun of firmware buffer
me2600_xilinx_download() loads the firmware that was requested by request_firmware(). It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable file_length and reads the data stream contents of length file_length from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream.
Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return -EINVAL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.29,<5.10.253
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
8- git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172nvdPatch
- git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319nvdPatch
- git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8nvdPatch
- git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cbnvdPatch
- git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065anvdPatch
- git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200bnvdPatch
- git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0nvdPatch
- git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8nvdPatch
News mentions
0No linked articles in our index yet.