CVE-2026-31690
Buffer Overflow in Linux TH1520 Firmware Driver Fixed
Publication date: 2026-04-27
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.13 (exc) |
| linux | linux_kernel | From 6.15 (inc) to 6.18.23 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's TH1520 AON firmware protocol driver. It involves two main issues:
- A potential buffer overflow caused by unsafe pointer arithmetic when accessing the 'mode' field through the 'resource' pointer with an offset.
- The use of custom RPC_SET_BE* and RPC_GET_BE* macros for endianness conversion, which were replaced with standard kernel endianness conversion macros (like cpu_to_be16) to improve portability and maintainability.
The buffer overflow was identified by the Smatch static checker and fixed to prevent possible memory corruption.
How can this vulnerability impact me? :
The primary impact of this vulnerability is the risk of a buffer overflow in the firmware driver, which could potentially lead to memory corruption.
Memory corruption can cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, depending on the exploitation context.
Additionally, the replacement of custom endianness macros with standard ones improves the reliability and maintainability of the driver, reducing the risk of bugs related to data interpretation across different hardware architectures.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to a buffer overflow and endian macro usage in the TH1520 AON firmware protocol driver within the Linux kernel. Detection would involve checking the kernel version or firmware version to confirm if the fix has been applied.
You can check the kernel messages for firmware loading related to powervr and the GPU firmware version by using the following command:
- dmesg | grep powervr
Look for lines similar to: '[drm] loaded firmware powervr/rogue_36.52.104.182_v1.fw' and '[drm] FW version v1.0 (build 6645434 OS)' which indicate the firmware and driver initialization.
Additionally, verifying the kernel version or patch level that includes this fix would help confirm if the vulnerability is addressed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the TH1520 AON firmware protocol driver buffer overflow and endian macro issues.
Ensure that the powervr GPU firmware is properly loaded and initialized as expected, which confirms the fix is in place.
Avoid using kernels or firmware versions prior to the fix to prevent exposure to the buffer overflow vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.