CVE-2026-31747
Published: May 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer `me4000_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`. Note: The firmware loading was totally broken before commit ac584af59945 ("staging: comedi: me4000: fix firmware downloading"), but that is the most sensible target for this fix.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ac584af599452748187cf6d7865b1607c54ee443 - < 8ddfe6495c245226a30d8b36e2f4a7aa7712e8d6affected ac584af599452748187cf6d7865b1607c54ee443 - < 64b24b713e1a3ea6624480594b4f8c2ff86502f2affected ac584af599452748187cf6d7865b1607c54ee443 - < f72b5567f7c117b46b4058dc6a0c7554f8565561affected ac584af599452748187cf6d7865b1607c54ee443 - < 1603dd471f47762e9d1f52304edb3e49a7e62655affected ac584af599452748187cf6d7865b1607c54ee443 - < 99f31aa98ab6e3805c455b65bcd01b3d48bdf1a5+3 more versions |
Linux | Linux | affected 3.19unaffected 0 - < 3.19unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now