CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: core: clamp report_size in s32ton() to avoid undefined shift<br /> <br /> s32ton() shifts by n-1 where n is the field&amp;#39;s report_size, a value that<br /> comes directly from a HID device. The HID parser bounds report_size<br /> only to 32 clamp to the function<br /> snto32(), but s32ton() was never given the same fix as I guess syzbot<br /> hadn&amp;#39;t figured out how to fuzz a device the same way.<br /> <br /> Fix this up by just clamping the max value of n, just like snto32()<br /> does.