CVE-2026-31747 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware b

CVE

CVE-2026-31747

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware b

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000_xilinx_download() loads the firmware that was requested by request_firmware(). It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable file_length and reads the data stream contents of length file_length from offset 16 onwards.

Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return -EINVAL. Note: The firmware loading was totally broken before commit ac584af59945 ("staging: comedi: me4000: fix firmware downloading"), but that is the most sensible target for this fix.

HIGH · CVSS 7.8 EPSS 0.00015

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-787Out-of-bounds Write

▤

Affected Products & Versions

8

linux kernel>= 3.19 and < 5.10.253
linux kernel>= 5.11 and < 5.15.203
linux kernel>= 5.16 and < 6.1.168
linux kernel>= 6.2 and < 6.6.134
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD01 May 2026 · 03:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/1603dd471f47762e9d1f52304edb3e49a7e62655Patch

https://git.kernel.org/stable/c/3fb43a7a5b44713f892c58ead2e5f3a1bc9f4ee7Patch

https://git.kernel.org/stable/c/64b24b713e1a3ea6624480594b4f8c2ff86502f2Patch

https://git.kernel.org/stable/c/8ddfe6495c245226a30d8b36e2f4a7aa7712e8d6Patch

https://git.kernel.org/stable/c/99f31aa98ab6e3805c455b65bcd01b3d48bdf1a5Patch

https://git.kernel.org/stable/c/de3f923ae7d91480ed3ecea1b1e1fc0dc25b597dPatch

Show all 8 references

https://git.kernel.org/stable/c/eae19cab44204537f79146f15a51811b13227c38Patch

https://git.kernel.org/stable/c/f72b5567f7c117b46b4058dc6a0c7554f8565561Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin