CVE-2026-31747

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A buffer overrun can occur in the me4000 xilinx download() function when loading firmware requested by request firmware(). The function reads a data stream length from the first 4 bytes into the file length variable and subsequently reads the data stream contents of that length from offset 16 onwards without verifying if the source buffer is sufficiently large to contain both the header and the data stream.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.