CVE-2026-31401
Published: Apr 3, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved:

HID: bpf: prevent buffer overflow in hid_hw_request

Right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrarily big, because it's the return value of dispatch_hid_bpf_raw_requests(), which calls the struct_ops, and we have no guarantees that the value makes sense.
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 - < d6efaa50af62fb0790dd1fd4e7e5506b46312510; affected 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 - < 73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1; affected 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 - < eb57dae20fdf6f3069cdc07821fa3bb46de381d7; affected 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 - < 2b658c1c442ec1cd9eec5ead98d68662c40fe645 |
| Linux | Linux | affected 6.11; unaffected 0 - < 6.11; unaffected 6.12.78 - <= 6.12.*; unaffected 6.18.20 - <= 6.18.*; unaffected 6.19.10 - <= 6.19.*; +1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
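Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)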