SB2026050265 - Heap-based buffer overflow in Linux kernel microchip wilc1000 driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2026-31780)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service or execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in the wilc1000 SSID scan buffer handling when processing configured SSIDs to scan. A local user can provide a crafted set of SSIDs to trigger a heap-based overwrite to cause a denial of service or execute arbitrary code.
The issue is caused by an integer wraparound in the buffer size calculation, where the accumulated SSID length can exceed the range of an 8-bit value before memory is allocated and copied.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd
- https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99
- https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024
- https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7
- https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521
- https://git.kernel.org/stable/c/c97b2a00059608592ad0d86fbb813a4f8cf9464b
- https://git.kernel.org/stable/c/d049e56b1739101d1c4d81deedb269c52a8dbba0
- https://git.kernel.org/stable/c/d8388614de613c28eeb659c10115060a83739924