41 matches found
HID: core: clamp report_size in s32ton() to avoid undefined shift
...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014356)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014356 advisory. In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2...
CVE-2026-31624
A flaw was found in the Linux kernel's Human Interface Device HID core. A malicious or malformed HID device could provide a specially crafted report descriptor with an overly large reportsize value. This could lead to an undefined shift operation within the s32ton function when processing output...
CVE-2026-31624
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...
DEBIAN-CVE-2026-31624
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...
CVE-2026-31624
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...
CVE-2026-31624
CVE-2026-31624) affects the Linux kernel HID core. The vulnerability arises when a HID device supplies a report descriptor with a large report_size, causing s32ton() to shift by n-1 with n > 32. The issue is resolved by clamping n to the same maximum used by snto32(), per commit ec61b41918587,...
EUVD-2026-25517
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...
PT-2026-34976
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID core where the s32ton function performs a shift operation by n-1, with n being the report size provided directly by a HID device. Because the HID parser only...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006930)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006930 advisory. In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by...
kernel: Linux kernel: integer overflow and information disclosure via undefined shift operation in drm/amdkfd
A flaw was found in the Linux kernel’s AMD Kernel Fusion Driver amdkfd within the drm subsystem. When either getnumsdmaqueues or getnumxgmisdmaqueues returned 0, the driver performed a bit shift where the number of bits shifted equaled the operand width. Such a shift is undefined behavior in C an...
kernel: Linux kernel: integer overflow and information disclosure via undefined shift operation in drm/amdkfd
A flaw was found in the Linux kernel’s AMD Kernel Fusion Driver amdkfd within the drm subsystem. When either getnumsdmaqueues or getnumxgmisdmaqueues returned 0, the driver performed a bit shift where the number of bits shifted equaled the operand width. Such a shift is undefined behavior in C an...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992302 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for mdiobusregister Shifting signed 32-bit value b...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...
CVE-2023-53726
In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c "arm64: csum: Fix pathological zero-length calls" added an early return for zero-length input, syzkaller has popped up with an...
CVE-2023-53726
Technical details specific to CVE-2023-53726 are not publicly provided in the supplied documents. Monitor for updates from the kernel/security advisories and linked references.
OESA-2025-2312 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at:...
CVE-2022-50403
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50390
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...