CVE-2026-31780
Integer Overflow in Wilc1000 WiFi Driver Leading to Heap Buffer Overflow
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | wifi | From 0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's wifi component, specifically in the wilc1000 driver. It involves an overflow issue caused by the variable 'valuesize' being declared as an 8-bit unsigned integer (u8) but used to accumulate the total length of multiple SSIDs to scan.
Each SSID can be up to 33 bytes long, and with up to 10 SSIDs, the total length can reach 330 bytes. However, since 'valuesize' is a u8, it wraps around and only stores 74 instead of 330.
As a result, the kernel allocates only 75 bytes of memory but then copies up to 331 bytes into this buffer, causing a 256-byte heap buffer overflow. The fix involved changing 'valuesize' from u8 to u32 to correctly handle the full range of data.
How can this vulnerability impact me? :
This vulnerability can lead to a heap buffer overflow in the Linux kernel's wifi driver. Such an overflow can cause memory corruption, potentially leading to system crashes, instability, or allowing an attacker to execute arbitrary code with kernel privileges.
Exploitation of this vulnerability could compromise the security and stability of affected systems, especially those using the wilc1000 wifi driver.