CVE-2026-31780

Severity: High · CVSS 3.1: 7.8 · EPSS: 3.9%
Published May 1, 2026 (2mo ago) · Last Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation

The variable valuesize is declared as u8 but accumulates the total length of all SSIDs to scan. Each SSID contributes up to 33 bytes (IEEE80211_MAX_SSID_LEN + 1), and with WILC_MAX_NUM_PROBED_SSID (10) SSIDs the total can reach 330, which wraps around to 74 when stored in a u8. This causes kmalloc to allocate only 75 bytes while the subsequent memcpy writes up to 331 bytes into the buffer, resulting in a 256-byte heap buffer overflow.

Widen valuesize from u8 to u32 to accommodate the full range.
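The sizing arithmetic from the description, modelled in user space as an added example (not the driver's code or the upstream patch). The buffer layout of one count byte followed by a length byte plus SSID bytes per entry is an assumption chosen to match the 331-byte figure above, and the function names are hypothetical; the program only computes sizes and writes nothing out of bounds.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SSID_LEN 32      /* IEEE80211_MAX_SSID_LEN */
#define MAX_PROBED_SSID 10   /* WILC_MAX_NUM_PROBED_SSID */

/* Pre-fix sizing: the running total is truncated to 8 bits on every add. */
static size_t alloc_size_u8(const uint8_t *ssid_len, int n)
{
    uint8_t valuesize = 0;
    for (int i = 0; i < n; i++)
        valuesize = (uint8_t)(valuesize + ssid_len[i] + 1);
    return (size_t)valuesize + 1;       /* + leading SSID-count byte */
}

/* Post-fix sizing: same arithmetic with a 32-bit accumulator. */
static size_t alloc_size_u32(const uint8_t *ssid_len, int n)
{
    uint32_t valuesize = 0;
    for (int i = 0; i < n; i++)
        valuesize += ssid_len[i] + 1u;
    return (size_t)valuesize + 1;
}

/* Bytes the copy loop needs: count byte, then (length byte + SSID) each. */
static size_t bytes_needed(const uint8_t *ssid_len, int n)
{
    size_t need = 1;
    for (int i = 0; i < n; i++)
        need += 1 + (size_t)ssid_len[i];
    return need;
}

/* Bytes that would land past the allocation; 0 means the data fits. */
static size_t shortfall(size_t allocated, size_t needed)
{
    return needed > allocated ? needed - allocated : 0;
}

int main(void)
{
    /* Constructed input: ten SSIDs of maximum length. */
    uint8_t lens[MAX_PROBED_SSID] = {32, 32, 32, 32, 32, 32, 32, 32, 32, 32};
    size_t need = bytes_needed(lens, MAX_PROBED_SSID);
    size_t a8 = alloc_size_u8(lens, MAX_PROBED_SSID);
    size_t a32 = alloc_size_u32(lens, MAX_PROBED_SSID);
    printf("need=%zu u8 alloc=%zu (short %zu) u32 alloc=%zu (short %zu)\n",
           need, a8, shortfall(a8, need), a32, shortfall(a32, need));
    return 0;
}
```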

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
3.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 13

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.2 – <5.10.253
linux   linux_kernel  *        ≥5.11 – <5.15.203
linux   linux_kernel  *        ≥5.16 – <6.1.168
linux   linux_kernel  *        ≥6.2 – <6.6.134
linux   linux_kernel  *        ≥6.7 – <6.12.81
linux   linux_kernel  *        ≥6.13 – <6.18.22
linux   linux_kernel  *        ≥6.19 – <6.19.12
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c97b2a00059608592ad0d86fbb813a4f8cf9464b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d049e56b1739101d1c4d81deedb269c52a8dbba0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8388614de613c28eeb659c10115060a83739924
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c97b2a00059608592ad0d86fbb813a4f8cf9464b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d049e56b1739101d1c4d81deedb269c52a8dbba0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8388614de613c28eeb659c10115060a83739924
    Patch