CVE-2026-31395: Out-of-bounds Write in Linux

Severity: 6.3 MEDIUM (no vector)
EPSS: 0.0% (top 94.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler

The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in bnxt_async_event_process() uses a firmware-supplied 'type' field directly as an index into bp->bs_trace[] without bounds validation.

The 'type' field is a 16-bit value extracted from DMA-mapped completion ring memory that the NIC writes directly to host RAM. A malicious or compromised NIC can supply any va

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux 84fcd9449fd7882ddfb05ba64d75f9be2d29b2e9 19aa416eed9e4aaf1bbe8da0f7bd9a9be31158c8 +3
debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

OSV (2026-04-03): CVE-2026-31395: In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_CM
GHSA (2026-04-03): GHSA-prjx-7cfw-rqr7: In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_

📋 Vendor Advisories (2)

Red Hat (2026-04-03): kernel: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler
Debian (2026): CVE-2026-31395: linux - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fi...

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-31395 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla (2026-04-03): CVE-2026-31395 kernel: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler