PT-2026-36383 · Linux · Linux Kernel
Published: 2026-05-01 · Updated: 2026-05-06 · CVE-2026-31748
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A buffer overrun can occur in the me2600_xilinx_download() function when loading firmware requested by request_firmware(). The function reads a data stream length into the file_length variable from the first 4 bytes of the file and subsequently reads the data stream starting from offset 16. While the system verifies that the firmware is at least 16 bytes long, it fails to confirm whether the total file size is sufficient to contain the data stream specified by file_length, leading to a potential source buffer overrun.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
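The missing validation from the description, as an added example (a userspace C model, not the kernel's code and not taken from the advisory): the 16-byte-only check beside a check that also bounds the declared stream length by the loaded size. The helper names, the big-endian reading of the length field and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FW_HDR_LEN 16u /* data stream starts at offset 16, per the description */

/* Constructed samples: 20-byte files whose headers declare 0x100 and 4 bytes. */
static const uint8_t fw_truncated[20] = { 0x00, 0x00, 0x01, 0x00 };
static const uint8_t fw_ok[20] = { 0x00, 0x00, 0x00, 0x04 };

/* Assumption: the 4-byte length field is big-endian. */
static uint32_t fw_stream_len(const uint8_t *data)
{
    return ((uint32_t)data[0] << 24) | ((uint32_t)data[1] << 16) |
           ((uint32_t)data[2] << 8) | (uint32_t)data[3];
}

/* Check as described: only the 16-byte minimum is enforced. */
static int fw_check_described(const uint8_t *data, size_t size)
{
    (void)data;
    return size >= FW_HDR_LEN ? 0 : -1;
}

/* Hardened check: the declared stream must fit in the bytes actually loaded.
 * Comparing against size - 16 avoids wraparound in 16 + file_length. */
static int fw_check_hardened(const uint8_t *data, size_t size)
{
    if (size < FW_HDR_LEN)
        return -1;
    return fw_stream_len(data) > size - FW_HDR_LEN ? -1 : 0;
}

/* Bytes a reader trusting the header would consume past the end of the buffer. */
static size_t fw_overrun_bytes(const uint8_t *data, size_t size)
{
    size_t avail = size >= FW_HDR_LEN ? size - FW_HDR_LEN : 0;
    size_t want = size >= 4 ? fw_stream_len(data) : 0;
    return want > avail ? want - avail : 0;
}

int main(void)
{
    printf("truncated: described=%d hardened=%d overrun=%zu\n",
           fw_check_described(fw_truncated, sizeof fw_truncated),
           fw_check_hardened(fw_truncated, sizeof fw_truncated),
           fw_overrun_bytes(fw_truncated, sizeof fw_truncated));
    printf("ok: hardened=%d\n", fw_check_hardened(fw_ok, sizeof fw_ok));
    return 0;
}
```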
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel