{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31779","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.140Z","datePublished":"2026-05-01T14:15:06.506Z","dateUpdated":"2026-05-11T22:15:38.933Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:15:38.933Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()\n\nThe memcpy function assumes the dynamic array notif->matches is at least\nas large as the number of bytes to copy. Otherwise, results->matches may\ncontain unwanted data. To guarantee safety, extend the validation in one\nof the checks to ensure sufficient packet length.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/intel/iwlwifi/mvm/d3.c"],"versions":[{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"f6abac936a0dfd31d6c3e49205ec0ee75a8f887f","status":"affected","versionType":"git"},{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"ffbed27ba15ef80d1c622eeedbfef03e501ae134","status":"affected","versionType":"git"},{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"e67d8c626ace80b0fa2b48c8ec0a46b508c93442","status":"affected","versionType":"git"},{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"dd90880eb5ec5442b37eb2b95688f4a63f4883e3","status":"affected","versionType":"git"},{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2","status":"affected","versionType":"git"},{"version":"5ac54afd4d97ad8d94fe250c83b1924eb6d2268c","lessThan":"744fabc338e87b95c4d1ff7c95bc8c0f834c6d99","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/intel/iwlwifi/mvm/d3.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f6abac936a0dfd31d6c3e49205ec0ee75a8f887f"},{"url":"https://git.kernel.org/stable/c/ffbed27ba15ef80d1c622eeedbfef03e501ae134"},{"url":"https://git.kernel.org/stable/c/e67d8c626ace80b0fa2b48c8ec0a46b508c93442"},{"url":"https://git.kernel.org/stable/c/dd90880eb5ec5442b37eb2b95688f4a63f4883e3"},{"url":"https://git.kernel.org/stable/c/ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2"},{"url":"https://git.kernel.org/stable/c/744fabc338e87b95c4d1ff7c95bc8c0f834c6d99"}],"title":"wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()","x_generator":{"engine":"bippy-1.2.0"}}}}