SB20260502100 - Out-of-bounds read in Linux kernel comedi drivers driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31748)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in me2600_xilinx_download() when parsing a crafted firmware file. A local user can provide a specially crafted firmware file to cause a denial of service.
The issue occurs because the data stream length is read from the first 4 bytes of the firmware and the function reads data from offset 16 without verifying that the supplied firmware contains the full data stream.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172
- https://git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319
- https://git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8
- https://git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cb
- https://git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065a
- https://git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b
- https://git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0
- https://git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8