CVE-2026-31412

A flaw was found in the Linux kernel's USB mass storage gadget module (`usb-gadget-f_mass_storage`). A remote attacker, acting as a malicious USB host, could send a specially crafted SCSI READ or WRITE command. This action could trigger an integer overflow during data size calculation, leading to an incorrect size. This issue may bypass boundary checks, potentially resulting in memory corruption or out-of-bounds memory access.