Out-of-Bounds Access in Linux Kernel's DVB Network Media
CVE-2026-31405
What is CVE-2026-31405?
A vulnerability has been identified in the Linux kernel's DVB network media code. The issue arises from improper handling of network-controlled data: an index into the extension header handler tables is derived from network data and was used without being checked against the tables' bounds. The 'ule_mandatory_ext_handlers' and 'ule_optional_ext_handlers' tables hold function pointers, so an index outside the valid range caused an out-of-bounds access. When this occurs, it can lead to unexpected behavior, including calls to invalid memory addresses. The vulnerability has been mitigated by adding bounds checking, so that any index used to access these tables falls within predefined limits and out-of-range values are discarded.
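The bounds check described above, shown on a simplified user-space model. This is an added example, not the kernel's code; the table length of 255, the type-field layout, EXT_DISCARD and the handler functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model for illustration; not the kernel's code.
 * Assumed for this example: the table length and the type-field layout. */
#define EXT_TABLE_LEN 255u   /* assumed: valid indices are 0..254 */
#define EXT_DISCARD   (-1)   /* hypothetical "drop this unit" result */

typedef int (*ext_handler)(uint16_t type);

/* Hypothetical handlers; each returns a distinct positive value. */
static int ext_test(uint16_t type)    { (void)type; return 1; }
static int ext_bridged(uint16_t type) { (void)type; return 2; }

/* Table names are from the advisory; contents are constructed. */
static const ext_handler ule_mandatory_ext_handlers[EXT_TABLE_LEN] = {
    [0] = ext_test, [1] = ext_bridged,
};
static const ext_handler ule_optional_ext_handlers[EXT_TABLE_LEN] = { NULL };

/* Dispatch one extension header whose type field came off the wire. */
int handle_ext(uint16_t type)
{
    unsigned hlen  = (type & 0x0700u) >> 8;  /* 0 selects the mandatory table */
    unsigned htype = type & 0x00FFu;         /* 0..255, chosen by the sender */
    const ext_handler *table =
        hlen == 0 ? ule_mandatory_ext_handlers : ule_optional_ext_handlers;

    /* Without this check, htype == 255 reads one slot past the table and
     * the value found there would be treated as a function pointer. */
    if (htype >= EXT_TABLE_LEN)
        return EXT_DISCARD;

    if (table[htype] == NULL)                /* in range, but no handler */
        return hlen == 0 ? EXT_DISCARD : 0;  /* optional ones are skipped */

    return table[htype](type);
}

int main(void)
{
    const uint16_t samples[] = { 0x0000, 0x0001, 0x0105, 0x00FF, 0x01FF };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("type 0x%04x -> %d\n", (unsigned)samples[i], handle_ext(samples[i]));
    return 0;
}
```

An 8-bit index can take 256 values, so any table with fewer than 256 slots needs this comparison before the lookup, in both the mandatory and the optional path.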
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 29ef43ceb121d67b87f4cbb08439e4e9e732eff8
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1a6da3dbb9985d00743073a1cc1f96e59f5abc30
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 145e50c2c700fa52b840df7bab206043997dd18e