Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2026-23178

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
14/02/2026
Last modified:
14/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()

`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`.

The former can come from the userspace in the hidraw driver and is only bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set `max_buffer_size` field of `struct hid_ll_driver` which we do not).

The latter has size determined at runtime by the maximum size of different report types you could receive on any particular device and can be a much smaller value.

Fix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.

The impact is low since access to hidraw devices requires root.
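The truncation described above, as an added example that is neither the kernel patch nor code from this advisory: a userspace model showing how far an unclamped `recv_len` would run past the buffer and how the clamp bounds the transfer. `struct model_ihid`, the 64-byte buffer and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HID_MAX_BUFFER_SIZE 16384   /* default bound on recv_len, per the advisory */
#define LEN_PREFIX sizeof(uint16_t) /* stands in for sizeof(__le16) */

/* Simplified stand-in for the driver state (assumption, not the kernel struct). */
struct model_ihid {
    uint8_t rawbuf[64];  /* constructed size: largest report of a small device */
    size_t  bufsize;
};

/* Bytes an unclamped transfer of recv_len + prefix would write past rawbuf. */
size_t overflow_without_fix(const struct model_ihid *ihid, size_t recv_len)
{
    size_t xfer = recv_len + LEN_PREFIX;
    return xfer > ihid->bufsize ? xfer - ihid->bufsize : 0;
}

/* The fix: truncate recv_len to bufsize - sizeof(__le16) before the transfer. */
size_t clamp_recv_len(const struct model_ihid *ihid, size_t recv_len)
{
    if (ihid->bufsize < LEN_PREFIX)
        return 0;
    if (recv_len > ihid->bufsize - LEN_PREFIX)
        recv_len = ihid->bufsize - LEN_PREFIX;
    return recv_len;
}

/* Model of the read path: simulated transfer into rawbuf, payload copied out. */
int model_get_report(struct model_ihid *ihid, uint8_t *out, size_t recv_len)
{
    if (ihid->bufsize < LEN_PREFIX)
        return -1;                               /* no room even for the prefix */
    recv_len = clamp_recv_len(ihid, recv_len);
    for (size_t i = 0; i < recv_len + LEN_PREFIX; i++) /* stays within bufsize */
        ihid->rawbuf[i] = (uint8_t)i;            /* constructed device data */
    memcpy(out, ihid->rawbuf + LEN_PREFIX, recv_len);
    return (int)recv_len;
}

int main(void)
{
    struct model_ihid dev = { .bufsize = sizeof dev.rawbuf };
    static uint8_t out[HID_MAX_BUFFER_SIZE];
    printf("without fix: %zu bytes past rawbuf\n", overflow_without_fix(&dev, HID_MAX_BUFFER_SIZE));
    printf("with fix: %d bytes returned\n", model_get_report(&dev, out, HID_MAX_BUFFER_SIZE));
    return 0;
}
```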

Impact