Stack-based buffer overflow in Linux kernel - CVE-2026-31720
Published: May 2, 2026
Vulnerability identifier: #VU128970
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31720
CWE-ID: CWE-121
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in f_audio_complete() in the f_uac1_legacy USB gadget function driver when handling host-controlled USB control requests. A remote attacker can send a specially crafted USB control request with an oversized length value to cause a denial of service.
The issue arises because request data is copied into a fixed-size 4-byte stack variable using a host-influenced length.
How to mitigate CVE-2026-31720
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0d41772d98dcaf6c17e875b7d0ea0154ae1191ee
- https://git.kernel.org/stable/c/21b11e8581285c6f10ef43d05df349d445f24273
- https://git.kernel.org/stable/c/26304d124e7f0383f8fe1168b5801a0ac7e16b1c
- https://git.kernel.org/stable/c/557d1d4e862eccd0b74cc377b66de3e1e8d49605
- https://git.kernel.org/stable/c/6e0e34d85cd46ceb37d16054e97a373a32770f6c
- https://git.kernel.org/stable/c/8e5eb1d6e6a3d7bbea9c92132d0cda5793176426
- https://git.kernel.org/stable/c/be2d32f0c3fe333d14c0a9ca90328dacbc3e06b8
- https://git.kernel.org/stable/c/c6da4fed7537aec19880c24f6c3a95065adb1406