{"cve":{"cve_id":"CVE-2026-53196","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_ti: fix heap overflow in get_manuf_info()\n\nget_manuf_info() reads le16_to_cpu(rom_desc->Size) bytes from the\ndevice I2C EEPROM into a buffer allocated with kmalloc_obj(), which\nis sizeof(struct edge_ti_manuf_descriptor) = 10 bytes.\n\nThe Size field comes from the device and is only validated (in\ncheck_i2c_image()) to make sure the descriptor fits within\nTI_MAX_I2C_SIZE (16384 bytes), not against the destination buffer size.\nA malicious USB device can therefore set Size to any value up to 16377,\ncausing a heap overflow of up to 16367 bytes when plugged into a host\nrunning this driver.\n\nvalid_csum() is called after read_rom() and also iterates\nbuffer[0..Size-1], compounding the out-of-bounds access.\n\nFix by rejecting descriptors with unexpected length before calling\nread_rom().\n\n[ johan: amend commit message; also check for short descriptors ]","published_at":"2026-06-25T08:39:06.330000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/e168db91442b94e64fa82a7dd297983d48ea5cc0","https://git.kernel.org/stable/c/561edb021486e6723d841926aa4b48097da06190","https://git.kernel.org/stable/c/cfd634f6dfd40c49a84f9bddc2867a80e2e2623a","https://git.kernel.org/stable/c/d92f17af7097d10bdeddf26f66f34b354104b277","https://git.kernel.org/stable/c/b849f30d1a9e66aae6b715aaef66e427390cb081","https://git.kernel.org/stable/c/f96cf7bf9fbf15d7fcf0c91fec47ba8a010369ea","https://git.kernel.org/stable/c/d214d2341d4f9f447e36a7d012cdf6a6631a55f1","https://git.kernel.org/stable/c/183c1076eca43bbb3e7bdf597456f91d81c73e74"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:28.590503Z","updated_at":"2026-06-28T23:30:51.545322Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"e168db91442b94e64fa82a7dd297983d48ea5cc0","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:e168db91442b94e64fa82a7dd297983d48ea5cc0"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"561edb021486e6723d841926aa4b48097da06190","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:561edb021486e6723d841926aa4b48097da06190"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"cfd634f6dfd40c49a84f9bddc2867a80e2e2623a","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:cfd634f6dfd40c49a84f9bddc2867a80e2e2623a"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"d92f17af7097d10bdeddf26f66f34b354104b277","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:d92f17af7097d10bdeddf26f66f34b354104b277"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"b849f30d1a9e66aae6b715aaef66e427390cb081","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:b849f30d1a9e66aae6b715aaef66e427390cb081"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"f96cf7bf9fbf15d7fcf0c91fec47ba8a010369ea","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:f96cf7bf9fbf15d7fcf0c91fec47ba8a010369ea"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"d214d2341d4f9f447e36a7d012cdf6a6631a55f1","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:d214d2341d4f9f447e36a7d012cdf6a6631a55f1"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"183c1076eca43bbb3e7bdf597456f91d81c73e74","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:183c1076eca43bbb3e7bdf597456f91d81c73e74"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"2.6.12","version_start_inclusive":true,"version_end":"2.6.12","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:2.6.12:2.6.12"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"2.6.12","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:2.6.12"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.10.259","version_start_inclusive":true,"version_end":"5.10.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.10.259:5.10.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.210","version_start_inclusive":true,"version_end":"5.15.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.15.210:5.15.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.176","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.176:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.143","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.143:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.94","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.94:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.36","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.36:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.13","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.13:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/e168db91442b94e64fa82a7dd297983d48ea5cc0","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/561edb021486e6723d841926aa4b48097da06190","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/cfd634f6dfd40c49a84f9bddc2867a80e2e2623a","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/d92f17af7097d10bdeddf26f66f34b354104b277","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b849f30d1a9e66aae6b715aaef66e427390cb081","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/f96cf7bf9fbf15d7fcf0c91fec47ba8a010369ea","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/d214d2341d4f9f447e36a7d012cdf6a6631a55f1","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/183c1076eca43bbb3e7bdf597456f91d81c73e74","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-25T08:39:06.330000Z","label":"CVE published","source":null}]}