Skip to main content

Linux CVE-2026-31401

| EUVDEUVD-2026-18784 HIGH
Out-of-bounds Write (CWE-787)
2026-04-03 Linux GHSA-whg2-hqg5-6ph3
High
Disputed · 7.8 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
4.4 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.8 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1,2b658c1c442ec1cd9eec5ead98d68662c40fe645
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18784
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:16 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: bpf: prevent buffer overflow in hid_hw_request

right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of dispatch_hid_bpf_raw_requests(), which calls the struct_ops and we have no guarantees that the value makes sense.

AnalysisAI

Buffer overflow in Linux kernel HID-BPF subsystem allows arbitrary return values from dispatch_hid_bpf_raw_requests() to overflow the hid_hw_request buffer without validation. The vulnerability affects all Linux kernel versions with HID-BPF support; attackers with the ability to load or influence BPF programs targeting HID devices can trigger memory corruption. No CVSS score, EPSS data, or confirmed active exploitation has been assigned at time of analysis.

Technical ContextAI

The Linux kernel HID (Human Interface Device) subsystem includes BPF (Berkeley Packet Filter) integration that allows dynamic request handling through struct_ops dispatch mechanisms. The hid_hw_request function processes HID device communications but did not validate the return value size from dispatch_hid_bpf_raw_requests(), which invokes user-controlled or untrusted BPF programs. This violates buffer boundary checking principles (CWE category: Improper Input Validation / Buffer Boundary Violation). The affected component is part of the kernel's HID subsystem (drivers/hid/), which manages input devices like keyboards, mice, and custom HID peripherals. CPE indicates the vulnerability affects Linux kernel distributions across all architectures and configurations where HID-BPF is present.

RemediationAI

Apply kernel updates from your distribution containing the upstream fixes from the stable kernel repositories. Users should upgrade to the latest stable or LTS kernel version for their distribution that includes the HID-BPF buffer validation patches (commit references provided above). Interim mitigation: disable HID-BPF in kernel configuration (CONFIG_HID_BPF=n) if not required for your hardware and workload. For systems where BPF is required, restrict BPF program loading using kernel LSM policies or by limiting CAP_BPF privilege. Consult your Linux distribution's security advisory for specific patched kernel versions. The upstream fixes are available at https://git.kernel.org/stable/ under the commit hashes listed in references.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy