CVE-2026-31748
Published: May 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

comedi: me_daq: Fix potential overrun of firmware buffer

`me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream.

Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.
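A user-space model of the length check described above, added here as an illustration; it is not the kernel driver's code. The function names, the big-endian reading of the length field and the sample buffers are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define FW_HEADER_LEN 16u /* data stream starts at offset 16 */

/* 4-byte stream length at offset 0; big-endian is this example's assumption. */
uint32_t fw_stream_length(const uint8_t *d)
{
	return ((uint32_t)d[0] << 24) | ((uint32_t)d[1] << 16) |
	       ((uint32_t)d[2] << 8) | (uint32_t)d[3];
}

/* Check as described before the fix: only the header is known to be present. */
int fw_check_header_only(size_t size)
{
	return size < FW_HEADER_LEN ? -EINVAL : 0;
}

/* Check as described after the fix: header and data stream must both fit.
 * Comparing against the bytes left means 16 + length can never wrap around. */
int fw_check_full(const uint8_t *d, size_t size)
{
	if (size < FW_HEADER_LEN)
		return -EINVAL;
	if (fw_stream_length(d) > size - FW_HEADER_LEN)
		return -EINVAL;
	return 0;
}

/* Constructed samples: a consistent image, and one whose header claims
 * 0x100 stream bytes while only 4 follow the header. */
static const uint8_t fw_ok[20]    = { 0, 0, 0, 4, [16] = 1, 2, 3, 4 };
static const uint8_t fw_short[20] = { 0, 0, 1, 0, [16] = 1, 2, 3, 4 };

/* Stand-in for the download loop: sums the stream instead of writing it out. */
long fw_consume(const uint8_t *d, size_t size)
{
	long sum = 0;
	int ret = fw_check_full(d, size);
	if (ret)
		return ret;
	for (uint32_t i = 0; i < fw_stream_length(d); i++)
		sum += d[FW_HEADER_LEN + i];
	return sum;
}

int main(void)
{
	return fw_consume(fw_ok, sizeof(fw_ok)) == 10 ? 0 : 1;
}
```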
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 85acac61096f946a78cf0c4b65f7cebe580693b6 - < 2fc25a4c2e055cd42ea39a1b42c89bfef70e0319; affected 85acac61096f946a78cf0c4b65f7cebe580693b6 - < 9f39fa07259eb342908e4aa0271dee038a8ce4f8; affected 85acac61096f946a78cf0c4b65f7cebe580693b6 - < f3f8ec00cfb8d8e826e30b1138a56355b88e9ba8; affected 85acac61096f946a78cf0c4b65f7cebe580693b6 - < c16ac4e173a05011437a2d868f70cc415339065a; affected 85acac61096f946a78cf0c4b65f7cebe580693b6 - < 1bf8761eb59e94bf7b8c17b2a1ee48f14378b172; +3 more versions |
| Linux | Linux | affected 2.6.29; unaffected 0 - < 2.6.29; unaffected 5.10.253 - <= 5.10.*; unaffected 5.15.203 - <= 5.15.*; unaffected 6.1.168 - <= 6.1.*; +5 more versions |