SUSE CVE-2026-43048

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hidreportrawevent Syzbot reported a shift-out-of-bounds issue in hidreportrawevent. microsoft 0003:045E:07DA.0001: hidfieldextract called with n 128 32! swapper/0 UBSAN: shift-out-of-bounds i...

CVE-2026-43048

A flaw was found in the Linux kernel's Human Interface Device HID core. An incorrect memset operation within the hidreportrawevent function can lead to out-of-bounds OOB reads and writes. This vulnerability occurs when the incoming event buffer size is insufficient to fill the associated report,...

CVE-2026-43048

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

EUVD-2026-26647

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

CVE-2026-43048

The CVE concerns the Linux kernel HID core. The issue arises in hid_report_raw_event() where a memset() intended to clear bogus data can trigger out-of-bounds reads/writes when the incoming event buffer is not large enough for the report. The fix removes the problematic memset() and instead retur...

PT-2026-36465

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID core where the memset function within hid report raw event attempts to clear data by zeroing the area between the end of the incoming data string and the assumed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hidreportrawevent function in the HID core that can cause OOB reads and writes when using memset to clea...

Linux Distros Unpatched Vulnerability : CVE-2026-31624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID...

SUSE CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

A flaw was found in the Linux kernel's Human Interface Device HID core. A malicious or malformed HID device could provide a specially crafted report descriptor with an overly large reportsize value. This could lead to an undefined shift operation within the s32ton function when processing output...

DEBIAN-CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

CVE-2026-31624) affects the Linux kernel HID core. The vulnerability arises when a HID device supplies a report descriptor with a large report_size, causing s32ton() to shift by n-1 with n > 32. The issue is resolved by clamping n to the same maximum used by snto32(), per commit ec61b41918587,...

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

EUVD-2026-25517

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

PT-2026-34976

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID core where the s32ton function performs a shift operation by n-1, with n being the report size provided directly by a HID device. Because the HID parser only...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007219 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that th...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary The affects the Universal Serial Bus USB ports of the system's management interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzz...