Cyber Resilience

CVE-2026-31780

HighUpdated

Published: 01 May 2026

Published
01 May 2026
Modified
11 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31780 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-31780 is a heap buffer overflow vulnerability in the Linux kernel's WILC1000 WiFi driver. The flaw stems from the use of a u8 variable, valuesize, to accumulate the total length of SSIDs for a scan buffer. With up to WILC_MAX_NUM_PROBED_SSID (10) SSIDs, each contributing up to 33 bytes (IEEE80211_MAX_SSID_LEN + 1), the total can reach 330 bytes. Stored in a u8, this overflows to 74, causing kmalloc to allocate only 75 bytes, while a subsequent memcpy writes up to 331 bytes, resulting in a 256-byte heap overflow.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it by triggering an SSID scan with multiple long SSIDs, leading to the buffer overflow. Successful exploitation could allow arbitrary code execution, data corruption, or system denial of service with high impact on confidentiality, integrity, and availability.

Mitigation is provided through kernel patches in stable releases, which widen valuesize from u8 to u32 to handle the full buffer size range without overflow. Relevant commits include: https://git.kernel.org/stable/c/0c7f21d8bd2f93998b72b7a7f93152336aeca4dd, https://git.kernel.org/stable/c/34a23fd9ddd683a03c7e8cc0ceded3e59e354b99, https://git.kernel.org/stable/c/549f02d8ec94d39092ab6d9b103d0d6783a4b024, https://git.kernel.org/stable/c/9907ac9b9a18b92fc34b9e4cb9e10f208dc1d3f7, and https://git.kernel.org/stable/c/bfbddeadd4779651403035ee177ae2f22f9f5521. Security practitioners should ensure affected systems receive these updates.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation The variable valuesize is declared as u8 but accumulates the total length of all SSIDs to scan. Each SSID…

more

contributes up to 33 bytes (IEEE80211_MAX_SSID_LEN + 1), and with WILC_MAX_NUM_PROBED_SSID (10) SSIDs the total can reach 330, which wraps around to 74 when stored in a u8. This causes kmalloc to allocate only 75 bytes while the subsequent memcpy writes up to 331 bytes into the buffer, resulting in a 256-byte heap buffer overflow. Widen valuesize from u8 to u32 to accommodate the full range.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel heap buffer overflow (AV:L/PR:L) in WiFi driver directly enables arbitrary code execution for privilege escalation via crafted SSID scan input.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137Same product: Linux Linux Kernel
CVE-2026-31772Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel
CVE-2026-23092Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 4.2 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.168

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely patching of the heap buffer overflow flaw in the Linux kernel's WILC1000 WiFi driver as provided in stable kernel releases.

prevent

Implements memory safeguards like address space randomization and non-executable heap memory to mitigate exploitation of the heap buffer overflow.

detect

Enables vulnerability scanning to identify the presence of CVE-2026-31780 in deployed Linux kernels with the WILC1000 driver.

References