CVE-2026-31779
Out-of-Bounds Read in Linux Kernel iwlwifi MVM Driver
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | iwlwifi | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's iwlwifi driver, specifically in the mvm component. It involves a potential out-of-bounds read in the function iwl_mvm_nd_match_info_handler(). The issue arises because the memcpy function assumes that the dynamic array notif->matches is at least as large as the number of bytes to copy. If this assumption is incorrect, the results->matches array may contain unwanted or invalid data. The fix involves extending validation checks to ensure the packet length is sufficient before performing the copy, preventing out-of-bounds reads.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds reads in kernel memory, which may cause the system to behave unpredictably or expose unintended data. Such memory safety issues can potentially be exploited to cause crashes or information leaks, impacting system stability and security.