CVE-2026-31623
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.5 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
A malicious USB device claiming to be a CDC Phonet modem can overflow
the skb_shared_info->frags[] array by sending an unbounded sequence of
full-page bulk transfers.
Drop the skb and increment the length error when the frag limit is
reached. This matches the same fix that commit f0813bcd2d9d ("net:
wwan: t7xx: fix potential skb->frags overflow in RX path") did for the
t7xx driver.
net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
A malicious USB device claiming to be a CDC Phonet modem can overflow
the skb_shared_info->frags[] array by sending an unbounded sequence of
full-page bulk transfers.
Drop the skb and increment the length error when the frag limit is
reached. This matches the same fix that commit f0813bcd2d9d ("net:
wwan: t7xx: fix potential skb->frags overflow in RX path") did for the
t7xx driver.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-120
Source
NVD
Vendor
Linux
Product
Linux
Discussion (0)
Add Comment
No comments yet. Be the first!