Out-of-bounds Write Affecting linux-qemu-melange package, versions <6.18.38-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.15% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CHAINGUARDLATEST-LINUXQEMUMELANGE-17949921
  • published11 Jul 2026
  • disclosed25 Jun 2026

Introduced: 25 Jun 2026

NewCVE-2026-53195  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

Upgrade Chainguard linux-qemu-melange to version 6.18.38-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream linux-qemu-melange package and not the linux-qemu-melange package as distributed by Chainguard. See How to fix? for Chainguard relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()

build_i2c_fw_hdr() allocates a fixed-size buffer of (16*1024 - 512) + sizeof(struct ti_i2c_firmware_rec) bytes, then copies le16_to_cpu(img_header->Length) bytes into it without validating that Length fits within the available space after the firmware record header.

img_header->Length is a __le16 from the firmware file and can be up to 65535. check_fw_sanity() validates the total firmware size but not img_header->Length specifically.

Fix by rejecting images where img_header->Length exceeds the available destination space.

CVSS Base Scores

version 3.1