skb fragments overflow
About this tag
The skb fragments overflow tag covers a Linux kernel vulnerability (CVE-2026-31623) in the CDC Phonet USB networking driver. The flaw allows a malicious USB device to exceed the allowed socket buffer fragment limit, leading to a memory accounting edge case. This highlights how obscure device drivers can present critical trust boundaries, as the attack surface is local-adjacent via hostile hardware. Discussions focus on the mechanics of the overflow, the need for USB trust validation, and the broader lesson that even small kernel fixes address significant security gaps in low-level packet handling.
CVE-2026-31623 is a small Linux kernel fix with an outsized lesson: obscure device drivers still sit on critical trust boundaries. The flaw affects the cdc-phonet USB networking path, where a malicious device pretending to be a CDC Phonet modem could push the receive path past the allowed skb...