CVE-2026-31748

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> comedi: me_daq: Fix potential overrun of firmware buffer<br /> <br /> `me2600_xilinx_download()` loads the firmware that was requested by<br /> `request_firmware()`. It is possible for it to overrun the source<br /> buffer because it blindly trusts the file format. It reads a data<br /> stream length from the first 4 bytes into variable `file_length` and<br /> reads the data stream contents of length `file_length` from offset 16<br /> onwards. Although it checks that the supplied firmware is at least 16<br /> bytes long, it does not check that it is long enough to contain the data<br /> stream.<br /> <br /> Add a test to ensure that the supplied firmware is long enough to<br /> contain the header and the data stream. On failure, log an error and<br /> return `-EINVAL`.