CVE-2026-31401 PUBLISHED

HID: bpf: prevent buffer overflow in hid_hw_request

Assigner: Linux
Reserved: 09.03.2026 Published: 03.04.2026 Updated: 03.04.2026

In the Linux kernel, the following vulnerability has been resolved:

HID: bpf: prevent buffer overflow in hid_hw_request

right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of dispatch_hid_bpf_raw_requests(), which calls the struct_ops and we have no guarantees that the value makes sense.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 to d6efaa50af62fb0790dd1fd4e7e5506b46312510 (excl.) affected from 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 to 73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1 (excl.) affected from 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 to eb57dae20fdf6f3069cdc07821fa3bb46de381d7 (excl.) affected from 8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 to 2b658c1c442ec1cd9eec5ead98d68662c40fe645 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.11 is affected unaffected from 0 to 6.11 (excl.) unaffected from 6.12.78 to 6.12.* (incl.) unaffected from 6.18.20 to 6.18.* (incl.) unaffected from 6.19.10 to 6.19.* (incl.) unaffected from 7.0-rc5 to * (incl.)

CVE-2026-31401 PUBLISHED

HID: bpf: prevent buffer overflow in hid_hw_request

Product Status

References