CVE-2026-31748
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
comedi: me_daq: Fix potential overrun of firmware buffer
me2600_xilinx_download() loads the firmware that was requested by
request_firmware(). It is possible for it to overrun the source
buffer because it blindly trusts the file format. It reads a data
stream length from the first 4 bytes into variable file_length and
reads the data stream contents of length file_length from offset 16
onwards. Although it checks that the supplied firmware is at least 16
bytes long, it does not check that it is long enough to contain the data
stream.
Add a test to ensure that the supplied firmware is long enough to
contain the header and the data stream. On failure, log an error and
return -EINVAL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < 2fc25a4c2e055cd42ea39a1b42c89bfef70e0319 | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < 9f39fa07259eb342908e4aa0271dee038a8ce4f8 | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8 | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < c16ac4e173a05011437a2d868f70cc415339065a | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < 1bf8761eb59e94bf7b8c17b2a1ee48f14378b172 | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < a47ae40339c1048f519df33ff8840731720f57cb | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b | affected |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6 < cc797d4821c754c701d9714b58bea947e31dbbe0 | affected |
| Linux | Linux | 2.6.29 | affected |
| Linux | Linux | 0 < 2.6.29 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.168 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.134 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.81 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.22 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.12 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2fc25a4c2e055cd42ea39a1b42c89bfef70e0319
- https://git.kernel.org/stable/c/9f39fa07259eb342908e4aa0271dee038a8ce4f8
- https://git.kernel.org/stable/c/f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8
- https://git.kernel.org/stable/c/c16ac4e173a05011437a2d868f70cc415339065a
- https://git.kernel.org/stable/c/1bf8761eb59e94bf7b8c17b2a1ee48f14378b172
- https://git.kernel.org/stable/c/a47ae40339c1048f519df33ff8840731720f57cb
- https://git.kernel.org/stable/c/c8c607a77aab783f2e38cc2e0f24aa6c8f6d200b
- https://git.kernel.org/stable/c/cc797d4821c754c701d9714b58bea947e31dbbe0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.