CVE-2026-31607 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux Kernel - Out-of-Bounds Write
Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel contains a heap out-of-bounds write vulnerability in usbip_pack_ret_submit(), caused by improper validation of number_of_packets in a RET_SUBMIT response. Exploitation requires a malicious USB/IP server, which can use the flaw to cause memory corruption.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
A malicious USB/IP server can cause a heap out-of-bounds write, potentially leading to system instability or code execution.
Mitigation
Update to the latest Linux kernel version containing the fix for usbip_pack_ret_submit() validation.
References
- https://git.kernel.org/stable/c/8d155e2d1c4102f74f82a2bf9c016164bb0f7384
- https://git.kernel.org/stable/c/906f16a836de13fe61f49cdce2f66f2dbd14caf4
- https://git.kernel.org/stable/c/ef8ebb1c637b4cfb61a9dd2e013376774ee2033b
- https://git.kernel.org/stable/c/2ab833a16a825373aad2ba7d54b572b277e95b71
- https://git.kernel.org/stable/c/885c8591784da6314f9aa82fa460ac69f9f79e5f
- https://git.kernel.org/stable/c/5e1c4ece08ccdc197177631f111845a2c68eede3
Details
- CVE ID: CVE-2026-31607
- Severity: Critical
- CVSS Score: 9.8
- Type: out_of_bounds_rw
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H