CVE-2026-31748

In the Linux kernel, the following vulnerability has been resolved:

comedi: me_daq: Fix potential overrun of firmware buffer

`me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards.

Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream.

Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.
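
The length check described above, modelled in user space as an added example (this is not the kernel driver's code). The function names and sample images are hypothetical, and the big-endian byte order of the length field is an assumption, since the description does not state it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FW_HDR_LEN 16u /* data stream starts at offset 16 (per the description) */

/* Constructed samples: 20-byte images whose headers claim 0x100 and 4 data bytes. */
static const uint8_t short_img[20] = { 0x00, 0x00, 0x01, 0x00 };
static const uint8_t good_img[20]  = { 0x00, 0x00, 0x00, 0x04 };

/* Assumption: the 4-byte length field is big-endian. */
static uint32_t fw_stream_len(const uint8_t *data)
{
	return ((uint32_t)data[0] << 24) | ((uint32_t)data[1] << 16) |
	       ((uint32_t)data[2] << 8) | (uint32_t)data[3];
}

/* Validation as described before the fix: only the header size is checked. */
static int fw_check_before(const uint8_t *data, size_t size)
{
	(void)data; /* the declared stream length is never compared to size */
	return size < FW_HDR_LEN ? -EINVAL : 0;
}

/* Validation as described after the fix: header and data stream must both fit. */
static int fw_check_after(const uint8_t *data, size_t size)
{
	if (size < FW_HDR_LEN)
		return -EINVAL;
	/* Compare against size - 16, not 16 + length, so the arithmetic cannot wrap. */
	if (fw_stream_len(data) > size - FW_HDR_LEN)
		return -EINVAL;
	return 0;
}

/* Bytes a copy loop would read past the buffer end; caller ensures size >= 16. */
static size_t fw_overrun_bytes(const uint8_t *data, size_t size)
{
	uint64_t end = (uint64_t)FW_HDR_LEN + fw_stream_len(data);
	return end > size ? (size_t)(end - size) : 0;
}

int main(void)
{
	printf("short: before=%d after=%d overrun=%zu\n", fw_check_before(short_img, 20),
	       fw_check_after(short_img, 20), fw_overrun_bytes(short_img, 20));
	printf("good:  before=%d after=%d overrun=%zu\n", fw_check_before(good_img, 20),
	       fw_check_after(good_img, 20), fw_overrun_bytes(good_img, 20));
	return 0;
}
```
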
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

History

07 May 2026, 19:24

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | `cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*` |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.8 |
| References | () https://git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172 - | () https://git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172 - Patch |
| References | () https://git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319 - | () https://git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319 - Patch |
| References | () https://git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8 - | () https://git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8 - Patch |
| References | () https://git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cb - | () https://git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cb - Patch |
| References | () https://git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065a - | () https://git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065a - Patch |
| References | () https://git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b - | () https://git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b - Patch |
| References | () https://git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0 - | () https://git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0 - Patch |
| References | () https://git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8 - | () https://git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8 - Patch |
| First Time | | Linux linux Kernel, Linux |
| CWE | | CWE-787 |

01 May 2026, 15:16

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2026-05-01 15:16

Updated : 2026-06-17 10:34


NVD link : CVE-2026-31748

Mitre link : CVE-2026-31748

CVE.ORG link : CVE-2026-31748



Products Affected

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write