CVE-2026-31748
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: me_daq: Fix potential overrun of firmware buffer
me2600_xilinx_download() loads the firmware that was requested by request_firmware(). It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable file_length and reads the data stream contents of length file_length from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream.
Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return -EINVAL.
Affected products
8cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.29,<5.10.253
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.