Vulnerability-Lookup

CNVD-2026-19968

Vulnerability from cnvd - Published: 2026-05-11

Title

Linux Kernel wilc1000整数溢出漏洞

Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于wilc1000无线驱动中u8溢出导致堆缓冲区溢出，可能导致内存损坏。攻击者可利用该漏洞造成扫描缓冲区大小计算错误并触发内存破坏。

Severity

高

Patch Name

Linux Kernel wilc1000整数溢出漏洞的补丁

Patch Description

Linux Kernel是Linux操作系统内核，用于提供进程调度、内存管理和设备驱动等核心能力。 Linux Kernel wilc1000 Wi-Fi驱动存在整数溢出漏洞。该漏洞产生的原因是SSID扫描缓冲区大小计算中的valuesize使用u8类型，导致长度累加发生截断。攻击者可利用该漏洞造成扫描缓冲区大小计算错误并触发内存破坏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-31780

Impacted products

Name
Linux Linux kernel null

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-31780",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-31780"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ewilc1000\u65e0\u7ebf\u9a71\u52a8\u4e2du8\u6ea2\u51fa\u5bfc\u81f4\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u80fd\u5bfc\u81f4\u5185\u5b58\u635f\u574f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u626b\u63cf\u7f13\u51b2\u533a\u5927\u5c0f\u8ba1\u7b97\u9519\u8bef\u5e76\u89e6\u53d1\u5185\u5b58\u7834\u574f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-19968",
  "openTime": "2026-05-11",
  "patchDescription": "Linux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u7528\u4e8e\u63d0\u4f9b\u8fdb\u7a0b\u8c03\u5ea6\u3001\u5185\u5b58\u7ba1\u7406\u548c\u8bbe\u5907\u9a71\u52a8\u7b49\u6838\u5fc3\u80fd\u529b\u3002\n\nLinux Kernel wilc1000 Wi-Fi\u9a71\u52a8\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fSSID\u626b\u63cf\u7f13\u51b2\u533a\u5927\u5c0f\u8ba1\u7b97\u4e2d\u7684valuesize\u4f7f\u7528u8\u7c7b\u578b\uff0c\u5bfc\u81f4\u957f\u5ea6\u7d2f\u52a0\u53d1\u751f\u622a\u65ad\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u626b\u63cf\u7f13\u51b2\u533a\u5927\u5c0f\u8ba1\u7b97\u9519\u8bef\u5e76\u89e6\u53d1\u5185\u5b58\u7834\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux Kernel wilc1000\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Linux kernel null"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-31780",
  "serverity": "\u9ad8",
  "submitTime": "2026-05-09",
  "title": "Linux Kernel wilc1000\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2026-31780 (GCVE-0-2026-31780)

Vulnerability from cvelistv5 – Published: 2026-05-01 14:15 – Updated: 2026-05-11 22:15

Title

wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation The variable valuesize is declared as u8 but accumulates the total length of all SSIDs to scan. Each SSID contributes up to 33 bytes (IEEE80211_MAX_SSID_LEN + 1), and with WILC_MAX_NUM_PROBED_SSID (10) SSIDs the total can reach 330, which wraps around to 74 when stored in a u8. This causes kmalloc to allocate only 75 bytes while the subsequent memcpy writes up to 331 bytes into the buffer, resulting in a 256-byte heap buffer overflow. Widen valuesize from u8 to u32 to accommodate the full range.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/34a23fd9ddd683a03…
https://git.kernel.org/stable/c/549f02d8ec94d3909…
https://git.kernel.org/stable/c/bfbddeadd47796514…
https://git.kernel.org/stable/c/9907ac9b9a18b92fc…
https://git.kernel.org/stable/c/c97b2a00059608592…
https://git.kernel.org/stable/c/d8388614de613c28e…
https://git.kernel.org/stable/c/0c7f21d8bd2f93998…
https://git.kernel.org/stable/c/d049e56b1739101d1…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < 34a23fd9ddd683a03c7e8cc0ceded3e59e354b99 (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < 549f02d8ec94d39092ab6d9b103d0d6783a4b024 (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < bfbddeadd4779651403035ee177ae2f22f9f5521 (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < 9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7 (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < c97b2a00059608592ad0d86fbb813a4f8cf9464b (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < d8388614de613c28eeb659c10115060a83739924 (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < 0c7f21d8bd2f93998b72b7a7f93152336aeca4dd (git) Affected: c5c77ba18ea66aa05441c71e38473efb787705a4 , < d049e56b1739101d1c4d81deedb269c52a8dbba0 (git)
Linux	Linux	Affected: 4.2 Unaffected: 0 , < 4.2 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/microchip/wilc1000/hif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "34a23fd9ddd683a03c7e8cc0ceded3e59e354b99",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "549f02d8ec94d39092ab6d9b103d0d6783a4b024",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "bfbddeadd4779651403035ee177ae2f22f9f5521",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "c97b2a00059608592ad0d86fbb813a4f8cf9464b",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "d8388614de613c28eeb659c10115060a83739924",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "0c7f21d8bd2f93998b72b7a7f93152336aeca4dd",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            },
            {
              "lessThan": "d049e56b1739101d1c4d81deedb269c52a8dbba0",
              "status": "affected",
              "version": "c5c77ba18ea66aa05441c71e38473efb787705a4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/microchip/wilc1000/hif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation\n\nThe variable valuesize is declared as u8 but accumulates the total\nlength of all SSIDs to scan. Each SSID contributes up to 33 bytes\n(IEEE80211_MAX_SSID_LEN + 1), and with WILC_MAX_NUM_PROBED_SSID (10)\nSSIDs the total can reach 330, which wraps around to 74 when stored\nin a u8.\n\nThis causes kmalloc to allocate only 75 bytes while the subsequent\nmemcpy writes up to 331 bytes into the buffer, resulting in a 256-byte\nheap buffer overflow.\n\nWiden valuesize from u8 to u32 to accommodate the full range."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:15:40.155Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99"
        },
        {
          "url": "https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521"
        },
        {
          "url": "https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c97b2a00059608592ad0d86fbb813a4f8cf9464b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8388614de613c28eeb659c10115060a83739924"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/d049e56b1739101d1c4d81deedb269c52a8dbba0"
        }
      ],
      "title": "wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31780",
    "datePublished": "2026-05-01T14:15:07.253Z",
    "dateReserved": "2026-03-09T15:48:24.141Z",
    "dateUpdated": "2026-05-11T22:15:40.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-19968

CVE-2026-31780 (GCVE-0-2026-31780)

Tags

Sightings

Nomenclature