CVE-2026-31401

EUVD-2026-18784
In the Linux kernel, the following vulnerability has been resolved:

HID: bpf: prevent buffer overflow in hid_hw_request

right now the returned value is considered to be always valid. However,
when playing with HID-BPF, the return value can be arbitrary big,
because it's the return value of dispatch_hid_bpf_raw_requests(), which
calls the struct_ops and we have no guarantees that the value makes
sense.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.11 ≤
𝑥
< 6.12.78
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.20
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.10
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/2b658c1c442ec1cd9eec5ead98d68662c40fe645
https://git.kernel.org/stable/c/73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1
https://git.kernel.org/stable/c/d6efaa50af62fb0790dd1fd4e7e5506b46312510
https://git.kernel.org/stable/c/eb57dae20fdf6f3069cdc07821fa3bb46de381d7