CVE-2026-31748
Reported by Linux · Published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.
EPSS 0.01% · 2.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6, 85acac61096f946a78cf0c4b65f7cebe580693b6, 85acac61096f946a78cf0c4b65f7cebe580693b6 |
| Linux | Linux | 2.6.29, 0, 5.10.253 |
| linux | linux_kernel | 2.6.29, 2.6.29, 2.6.29 |
| Linux | Linux | 85acac61096f946a78cf0c4b65f7cebe580693b6, 85acac61096f946a78cf0c4b65f7cebe580693b6, 85acac61096f946a78cf0c4b65f7cebe580693b6 |
Timeline
- May 1, 2026 CVE Published
- May 7, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score