CVE-2026-31624
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/04/2026
Last modified:
28/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
HID: core: clamp report_size in s32ton() to avoid undefined shift<br />
<br />
s32ton() shifts by n-1 where n is the field&#39;s report_size, a value that<br />
comes directly from a HID device. The HID parser bounds report_size<br />
only to 32 clamp to the function<br />
snto32(), but s32ton() was never given the same fix as I guess syzbot<br />
hadn&#39;t figured out how to fuzz a device the same way.<br />
<br />
Fix this up by just clamping the max value of n, just like snto32()<br />
does.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.20.1 (including) | 6.6.136 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 7.0 (including) | 7.0.1 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.20:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/58386f00af710922cafb0fb69211497beddfaa95
- https://git.kernel.org/stable/c/69c02ffde6ed4d535fa4e693a9e572729cad3d0d
- https://git.kernel.org/stable/c/8a8333237f1f5caab8d4c3d2c2e7578c4263a97f
- https://git.kernel.org/stable/c/932ae5309e53561197aa7d1606c7cf63af10e24f
- https://git.kernel.org/stable/c/97014719bb8fccb1ffcbbc299e84b1f11b114195
- https://git.kernel.org/stable/c/ea363a34086ddb4231adc581a7f36c39ec154bfc