Heap-based buffer overflow in Linux kernel - CVE-2026-31780
Published: May 2, 2026
Vulnerability identifier: #VU128914
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31780
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service or execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in the wilc1000 SSID scan buffer handling when processing configured SSIDs to scan. A local user can provide a crafted set of SSIDs to trigger a heap-based overwrite to cause a denial of service or execute arbitrary code.
The issue is caused by an integer wraparound in the buffer size calculation, where the accumulated SSID length can exceed the range of an 8-bit value before memory is allocated and copied.
How to mitigate CVE-2026-31780
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd
- https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99
- https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024
- https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7
- https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521
- https://git.kernel.org/stable/c/c97b2a00059608592ad0d86fbb813a4f8cf9464b
- https://git.kernel.org/stable/c/d049e56b1739101d1c4d81deedb269c52a8dbba0
- https://git.kernel.org/stable/c/d8388614de613c28eeb659c10115060a83739924