CVE-2026-31405: Improper Validation of Specified Index, Position, or Offset in Input in Linux

Severity: 5.3 MEDIUM (no vector)
EPSS: 0.0% (top 96.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 6

Description

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-net: fix OOB access in ULE extension header tables

The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer table, and the OOB val

Affected Packages (3 packages)

Debian: linux/linux_kernel, < 6.19.10-1
CVEListV5: linux/linux, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 29ef43ceb121d67b87f4cbb08439e4e9e732eff8 +6
debian: debian/linux, < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

GHSA
GHSA-qqxp-95qg-gqxr: In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ (2026-04-06)
OSV
CVE-2026-31405: In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ex (2026-04-06)

📋 Vendor Advisories (2)

Red Hat
kernel: media: dvb-net: fix OOB access in ULE extension header tables (2026-04-06)
Debian
CVE-2026-31405: linux - In the Linux kernel, the following vulnerability has been resolved: media: dvb-... 2026

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-31405 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla
CVE-2026-31405 kernel: media: dvb-net: fix OOB access in ULE extension header tables (2026-04-06)