CVE-2026-31405
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-net: fix OOB access in ULE extension header tables
The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer table, and the OOB value may be called as a function pointer.
Add a bounds check on htype against the array size before either table is accessed. Out-of-range values now cause the SNDU to be discarded.
Common Weakness Enumeration (CWE)
Out-of-bounds Read
Improper Validation of Specified Index, Position, or Offset in Input
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in