CVE-2026-31607

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A heap out-of-bounds write exists in the USB/IP client. The function usbip pack ret submit() unconditionally overwrites the number of packets variable from the network PDU. A malicious USB/IP server can provide a value larger than the original submission, which is then used as a loop bound in the usbip recv iso() and usbip pad iso() functions. This leads to memory corruption when writing to the iso frame desc[] array beyond its allocated region.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.