CVE-2026-31401
Buffer Overflow in Linux Kernel HID-BPF Could Cause Memory Corruption
Publication date: 2026-04-03
Last updated on: 2026-05-20
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.20 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.10 (exc) |
| linux | linux_kernel | From 6.11 (inc) to 6.12.78 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's HID subsystem related to BPF (Berkeley Packet Filter). Specifically, it involves a buffer overflow in the function hid_hw_request. The issue arises because the return value from dispatch_hid_bpf_raw_requests(), which calls struct_ops, can be arbitrarily large and is currently assumed to always be valid. This lack of validation can lead to a buffer overflow.
How can this vulnerability impact me? :
The buffer overflow vulnerability in the Linux kernel's HID subsystem could potentially allow an attacker to execute arbitrary code, cause a denial of service, or corrupt memory. This could compromise system stability and security, potentially allowing unauthorized access or control over the affected system.