HIGHCVE-2026-31779Published Modified CNA Linux
CVE-2026-31779: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() The memcpy function assumes the dynamic array notif->matches is at least as large as the number of bytes to copy. Otherwise, results->matches may contain unwanted data. To guarantee safety, extend the validation in one of the checks to ensure sufficient packet length. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
06.1.1686.6.1346.12.816.18.226.19.127.0744fabc338e87b95c4d1ff7c95bc8c0f834c6d99ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2dd90880eb5ec5442b37eb2b95688f4a63f4883e3e67d8c626ace80b0fa2b48c8ec0a46b508c93442f6abac936a0dfd31d6c3e49205ec0ee75a8f887fffbed27ba15ef80d1c622eeedbfef03e501ae134
Affected packages
- Linux / Linux< f6abac936a0dfd31d6c3e49205ec0ee75a8f887f (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c) · < ffbed27ba15ef80d1c622eeedbfef03e501ae134 (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c) · < e67d8c626ace80b0fa2b48c8ec0a46b508c93442 (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c) · < dd90880eb5ec5442b37eb2b95688f4a63f4883e3 (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c) · < ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2 (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c) · < 744fabc338e87b95c4d1ff7c95bc8c0f834c6d99 (from 5ac54afd4d97ad8d94fe250c83b1924eb6d2268c)
- Linux / Linux6.1Fixed in 0, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H