Out-of-bounds read in Linux kernel - CVE-2026-31748
Published: May 2, 2026
Vulnerability identifier: #VU128949
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-31748
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in me2600_xilinx_download() when parsing a crafted firmware file. A local user can provide a specially crafted firmware file to cause a denial of service.
The issue occurs because the data stream length is read from the first 4 bytes of the firmware and the function reads data from offset 16 without verifying that the supplied firmware contains the full data stream.
How to mitigate CVE-2026-31748
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172
- https://git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319
- https://git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8
- https://git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cb
- https://git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065a
- https://git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b
- https://git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0
- https://git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8