SB20260626159 - Heap-based buffer overflow in Linux kernel usb serial driver
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2026-53195)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in build_i2c_fw_hdr() in the io_ti USB serial driver when parsing a crafted firmware file. A local user can supply a firmware image with an oversized Length field to cause a denial of service.
The issue arises because the Length field from the firmware image is not validated against the available destination buffer space before copying.
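The bug class is the familiar unvalidated length-prefixed copy. The C below is an added illustration, not code from the kernel or the io_ti driver: the record layout (a 16-bit little-endian Length followed by payload), the 64-byte destination size, and the names build_fw_hdr_checked and fw_sample_accepted are all constructed for this example. It shows the two checks that must sit in front of the memcpy: the Length may not exceed the destination buffer, and it may not exceed the bytes actually present in the image.

```c
/* Added example of a bounded firmware-record parser. The layout, sizes and
 * names are constructed for illustration; they are not the io_ti driver's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FW_DATA_MAX 64u   /* capacity of the fixed-size destination (constructed) */

struct fw_hdr {
    uint16_t length;               /* payload bytes copied from the image */
    uint8_t  data[FW_DATA_MAX];    /* fixed-size destination, heap-allocated below */
};

/* Parse one record: [len_lo][len_hi][payload...].
 * Returns a heap-allocated header on success, NULL if the record is truncated
 * or its Length field exceeds the destination buffer. Caller frees. */
struct fw_hdr *build_fw_hdr_checked(const uint8_t *image, size_t image_len)
{
    if (image_len < 2)
        return NULL;                       /* no room for the Length field itself */

    uint16_t len = (uint16_t)(image[0] | (image[1] << 8));

    /* The check whose absence defines this bug class: without it an oversized
     * Length drives memcpy past data[] and corrupts adjacent heap memory. */
    if (len > FW_DATA_MAX)
        return NULL;

    /* Second bound: Length must not claim more bytes than the image holds,
     * otherwise memcpy reads past the end of the source buffer. */
    if ((size_t)len > image_len - 2)
        return NULL;

    struct fw_hdr *hdr = calloc(1, sizeof(*hdr));
    if (!hdr)
        return NULL;
    hdr->length = len;
    memcpy(hdr->data, image + 2, len);
    return hdr;
}

/* Constructed sample images: one valid record, one with an oversized Length,
 * one whose Length exceeds the bytes present. */
static const uint8_t sample_ok[]    = { 0x04, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t sample_big[]   = { 0xff, 0xff, 'a' };
static const uint8_t sample_trunc[] = { 0x0a, 0x00, 'a' };

/* Returns 1 if sample `idx` is accepted by the parser, 0 if rejected,
 * -1 for an unknown index. */
int fw_sample_accepted(int idx)
{
    const uint8_t *img;
    size_t n;
    switch (idx) {
    case 0: img = sample_ok;    n = sizeof sample_ok;    break;
    case 1: img = sample_big;   n = sizeof sample_big;   break;
    case 2: img = sample_trunc; n = sizeof sample_trunc; break;
    default: return -1;
    }
    struct fw_hdr *hdr = build_fw_hdr_checked(img, n);
    if (!hdr)
        return 0;
    free(hdr);
    return 1;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("sample %d: %s\n", i, fw_sample_accepted(i) ? "accepted" : "rejected");
    return 0;
}
```

Only the first sample passes both bounds; the second is rejected by the destination-size check and the third by the source-length check. The same two comparisons, expressed against the real header and buffer sizes, are what a reviewer would look for in the fixed driver.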
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0fd2b00b2d3d05e3eaa13342b3dfb0fa85c226ae
- https://git.kernel.org/stable/c/130d6567eb148040eed1b73e1414ad6c27d22bd5
- https://git.kernel.org/stable/c/294692d3296eee3391c348d7ea6401916d27806c
- https://git.kernel.org/stable/c/2fd64bf0ad66ab5de0c73524591d879427ba5aba
- https://git.kernel.org/stable/c/3e187152f44d76d7633a3855ffd0099e1588b82a
- https://git.kernel.org/stable/c/4cb722747ed25971f35cc47ce5c0e79d7f717713
- https://git.kernel.org/stable/c/5a79b634ee58786ca627268daefa7744f2af2e14
- https://git.kernel.org/stable/c/b7faf660eefa2047ebc2959ff76da2b6eae2e9e3