CVE-2026-31607
CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...