Integer Overflow Vulnerability in Linux Kernel USB Mass Storage Implementation
CVE-2026-31412


Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 10 April 2026

What is CVE-2026-31412?

The Linux kernel contains a vulnerability in the USB mass storage gadget in which an integer overflow can occur during SCSI command processing. The issue originates in the check_command_size_in_blocks() function, which converts a block count into a byte count by left-shifting the data_size_from_cmnd variable. If a malicious USB host issues a request with a sufficiently large block count, the shift wraps and yields a size that does not match the request, which can lead to memory corruption or out-of-bounds memory access. The root cause is that the value was shifted without a bounds check when these size variables were initialised. The fix replaces the unchecked shift with the check_shl_overflow() macro, which detects the lost high bits and rejects the command.
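The following userspace C program is an added illustration, not code from the kernel or from this CVE record. It models the block-count shift the description refers to and places the unchecked form next to a guard with the same semantics as the kernel's check_shl_overflow() (a shift that loses high bits, or a shift count at or beyond the type width, is reported as overflow). The block-size shift of 9 (512-byte blocks), the function names and the sample block counts are constructed for the example; the kernel's actual helper is a generic macro in include/linux/overflow.h, re-implemented here for 32-bit values only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Userspace model of check_shl_overflow(a, s, d) for uint32_t:
 * stores a << s into *d and returns true if the result does not fit.
 * Constructed for illustration; this is not the kernel's macro.
 */
static bool shl_overflow_u32(uint32_t a, unsigned int s, uint32_t *d)
{
    /* A shift count >= the type width is undefined in C. Like the kernel
     * macro, store the unshifted value and report the shift as invalid. */
    if (s >= 32) {
        *d = a;
        return true;
    }
    uint64_t wide = (uint64_t)a << s;   /* shift in a wider type */
    *d = (uint32_t)wide;                /* truncated 32-bit result */
    /* Any bit above bit 31 was lost in the truncation: overflow. */
    return (wide >> 32) != 0;
}

/*
 * Vulnerable pattern: block count from the host command is shifted into a
 * byte count with no check. For a 32-bit value the product silently wraps.
 */
static uint32_t blocks_to_bytes_unchecked(uint32_t blocks, unsigned int blkbits)
{
    return (uint32_t)(blocks << blkbits);
}

/*
 * Hardened pattern: the same conversion, rejecting the command when the
 * shift overflows. Returns 0 on success and -1 when the size is invalid.
 */
static int blocks_to_bytes_checked(uint32_t blocks, unsigned int blkbits,
                                   uint32_t *bytes)
{
    if (shl_overflow_u32(blocks, blkbits, bytes))
        return -1;   /* caller should reject the command (kernel: -EINVAL) */
    return 0;
}

int main(void)
{
    /* Constructed sample: 512-byte blocks (blkbits = 9). */
    const unsigned int blkbits = 9;
    /* 0x00800000 blocks * 512 bytes = 2^32 bytes, one past what fits. */
    const uint32_t hostile_blocks = 0x00800000u;
    const uint32_t benign_blocks = 8u;
    uint32_t bytes;

    printf("unchecked: %u blocks -> %u bytes (wrapped)\n",
           hostile_blocks, blocks_to_bytes_unchecked(hostile_blocks, blkbits));

    if (blocks_to_bytes_checked(hostile_blocks, blkbits, &bytes) < 0)
        printf("checked:   %u blocks -> rejected, shift overflows\n",
               hostile_blocks);

    if (blocks_to_bytes_checked(benign_blocks, blkbits, &bytes) == 0)
        printf("checked:   %u blocks -> %u bytes\n", benign_blocks, bytes);

    return 0;
}
```

With the constructed inputs the unchecked conversion turns a request for 2^32 bytes into a byte count of 0, which is exactly the kind of mismatch between the host's request and the gadget's bookkeeping that the description warns about; the checked conversion refuses the same request and leaves the small, legitimate request unchanged.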

Affected Version(s)

  • Linux 144974e7f9e32b53b02f6c8632be45d8f43d6ab5 < 91817ad5452defe69bc7bc0e355f0ed5d01125cc
  • Linux 144974e7f9e32b53b02f6c8632be45d8f43d6ab5
  • Linux 144974e7f9e32b53b02f6c8632be45d8f43d6ab5 < 228b37936376143f4b60cc6828663f6eaceb81b5
