SB2026050265 - Heap-based buffer overflow in Linux kernel microchip wilc1000 driver



SB2026050265 - Heap-based buffer overflow in Linux kernel microchip wilc1000 driver

Published: May 2, 2026

Security Bulletin ID SB2026050265
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Heap-based buffer overflow (CVE-ID: CVE-2026-31780)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service or execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in the wilc1000 SSID scan buffer handling when processing configured SSIDs to scan. A local user can provide a crafted set of SSIDs to trigger a heap-based overwrite to cause a denial of service or execute arbitrary code.

The issue is caused by an integer wraparound in the buffer size calculation, where the accumulated SSID length can exceed the range of an 8-bit value before memory is allocated and copied.


Remediation

Install update from vendor's website.