6.8
CVE-2026-53196
- EPSS 0.28%
- Veröffentlicht 25.06.2026 08:39:06
- Zuletzt bearbeitet 06.07.2026 12:35:18
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
USB: serial: io_ti: fix heap overflow in get_manuf_info()
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in get_manuf_info() get_manuf_info() reads le16_to_cpu(rom_desc->Size) bytes from the device I2C EEPROM into a buffer allocated with kmalloc_obj(), which is sizeof(struct edge_ti_manuf_descriptor) = 10 bytes. The Size field comes from the device and is only validated (in check_i2c_image()) to make sure the descriptor fits within TI_MAX_I2C_SIZE (16384 bytes), not against the destination buffer size. A malicious USB device can therefore set Size to any value up to 16377, causing a heap overflow of up to 16367 bytes when plugged into a host running this driver. valid_csum() is called after read_rom() and also iterates buffer[0..Size-1], compounding the out-of-bounds access. Fix by rejecting descriptors with unexpected length before calling read_rom(). [ johan: amend commit message; also check for short descriptors ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12.1 < 5.10.259
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.210
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.176
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.143
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.94
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.36
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.13
Linux ≫ Linux Kernel Version2.6.12 Update-
Linux ≫ Linux Kernel Version2.6.12 Updaterc2
Linux ≫ Linux Kernel Version2.6.12 Updaterc3
Linux ≫ Linux Kernel Version2.6.12 Updaterc4
Linux ≫ Linux Kernel Version2.6.12 Updaterc5
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
Linux ≫ Linux Kernel Version7.1 Updaterc5
Linux ≫ Linux Kernel Version7.1 Updaterc6
Linux ≫ Linux Kernel Version7.1 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.202 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/e168db91442b94e64fa82a7dd297983d48ea5cc0
https://git.kernel.org/stable/c/561edb021486e6723d841926aa4b48097da06190
https://git.kernel.org/stable/c/cfd634f6dfd40c49a84f9bddc2867a80e2e2623a
https://git.kernel.org/stable/c/d92f17af7097d10bdeddf26f66f34b354104b277
https://git.kernel.org/stable/c/b849f30d1a9e66aae6b715aaef66e427390cb081
https://git.kernel.org/stable/c/f96cf7bf9fbf15d7fcf0c91fec47ba8a010369ea
https://git.kernel.org/stable/c/d214d2341d4f9f447e36a7d012cdf6a6631a55f1
https://git.kernel.org/stable/c/183c1076eca43bbb3e7bdf597456f91d81c73e74
https://access.redhat.com/security/cve/CVE-2026-53196
https://bugzilla.redhat.com/show_bug.cgi?id=2492750
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53196.json