SB2026050299 - Out-of-bounds read in Linux kernel comedi drivers driver



SB2026050299 - Out-of-bounds read in Linux kernel comedi drivers driver

Published: May 2, 2026

Security Bulletin ID SB2026050299
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-31747)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to out-of-bounds read in me4000_xilinx_download() when parsing a crafted firmware file. A local user can supply a specially crafted firmware file to cause a denial of service.

The issue occurs because the function reads a length value from the first 4 bytes of the firmware and then reads data from offset 16 onward without ensuring the supplied firmware is large enough to contain the declared data stream.


Remediation

Install update from vendor's website.