Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-24T00:00:00 kernel: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-120

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers. Drop the skb and increment the length error when the frag limit is reached. This matches the same fix that commit f0813bcd2d9d ("net: wwan: t7xx: fix potential skb->frags overflow in RX path") did for the t7xx driver.

A flaw was found in the Linux kernel's cdc-phonet driver. A malicious USB device, pretending to be a CDC Phonet modem, can exploit this vulnerability by sending an unlimited number of large data transfers. This can cause an overflow in the kernel's internal data buffer (skb_shared_info->frags[] array), leading to a Denial of Service (DoS) condition where the system may become unresponsive or crash.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Under investigation kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31623 https://nvd.nist.gov/vuln/detail/CVE-2026-31623 https://lore.kernel.org/linux-cve-announce/2026042426-CVE-2026-31623-64d8@gregkh/T