SB20260502121 - Stack-based buffer overflow in Linux kernel gadget function driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2026-31720)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in f_audio_complete() in the f_uac1_legacy USB gadget function driver when handling host-controlled USB control requests. A remote attacker can send a specially crafted USB control request with an oversized length value to cause a denial of service.
The issue arises because request data is copied into a fixed-size 4-byte stack variable using a host-influenced length.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d41772d98dcaf6c17e875b7d0ea0154ae1191ee
- https://git.kernel.org/stable/c/21b11e8581285c6f10ef43d05df349d445f24273
- https://git.kernel.org/stable/c/26304d124e7f0383f8fe1168b5801a0ac7e16b1c
- https://git.kernel.org/stable/c/557d1d4e862eccd0b74cc377b66de3e1e8d49605
- https://git.kernel.org/stable/c/6e0e34d85cd46ceb37d16054e97a373a32770f6c
- https://git.kernel.org/stable/c/8e5eb1d6e6a3d7bbea9c92132d0cda5793176426
- https://git.kernel.org/stable/c/be2d32f0c3fe333d14c0a9ca90328dacbc3e06b8
- https://git.kernel.org/stable/c/c6da4fed7537aec19880c24f6c3a95065adb1406