SB2026050299 - Out-of-bounds read in Linux kernel comedi drivers driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31747)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to out-of-bounds read in me4000_xilinx_download() when parsing a crafted firmware file. A local user can supply a specially crafted firmware file to cause a denial of service.
The issue occurs because the function reads a length value from the first 4 bytes of the firmware and then reads data from offset 16 onward without ensuring the supplied firmware is large enough to contain the declared data stream.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1603dd471f47762e9d1f52304edb3e49a7e62655
- https://git.kernel.org/stable/c/3fb43a7a5b44713f892c58ead2e5f3a1bc9f4ee7
- https://git.kernel.org/stable/c/64b24b713e1a3ea6624480594b4f8c2ff86502f2
- https://git.kernel.org/stable/c/8ddfe6495c245226a30d8b36e2f4a7aa7712e8d6
- https://git.kernel.org/stable/c/99f31aa98ab6e3805c455b65bcd01b3d48bdf1a5
- https://git.kernel.org/stable/c/de3f923ae7d91480ed3ecea1b1e1fc0dc25b597d
- https://git.kernel.org/stable/c/eae19cab44204537f79146f15a51811b13227c38
- https://git.kernel.org/stable/c/f72b5567f7c117b46b4058dc6a0c7554f8565561