{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31690","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.131Z","datePublished":"2026-04-27T17:34:28.738Z","dateUpdated":"2026-05-11T22:13:45.476Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:13:45.476Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: thead: Fix buffer overflow and use standard endian macros\n\nAddresses two issues in the TH1520 AON firmware protocol driver:\n\n1. Fix a potential buffer overflow where the code used unsafe pointer\n   arithmetic to access the 'mode' field through the 'resource' pointer\n   with an offset. This was flagged by Smatch static checker as:\n   \"buffer overflow 'data' 2 <= 3\"\n\n2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard\n   kernel endianness conversion macros (cpu_to_be16, etc.) for better\n   portability and maintainability.\n\nThe functionality was re-tested with the GPU power-up sequence,\nconfirming the GPU powers up correctly and the driver probes\nsuccessfully.\n\n[   12.702370] powervr ffef400000.gpu: [drm] loaded firmware\npowervr/rogue_36.52.104.182_v1.fw\n[   12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build\n6645434 OS)\n[   12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on\nminor 0"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firmware/thead,th1520-aon.c","include/linux/firmware/thead/thead,th1520-aon.h"],"versions":[{"version":"e4b3cbd840e565484d0ad8d260d27c057466ed17","lessThan":"fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb","status":"affected","versionType":"git"},{"version":"e4b3cbd840e565484d0ad8d260d27c057466ed17","lessThan":"bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97","status":"affected","versionType":"git"},{"version":"e4b3cbd840e565484d0ad8d260d27c057466ed17","lessThan":"88c4bd90725557796c15878b7cb70066e9e6b5ab","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firmware/thead,th1520-aon.c","include/linux/firmware/thead/thead,th1520-aon.h"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.18.23","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.13","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.19.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb"},{"url":"https://git.kernel.org/stable/c/bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97"},{"url":"https://git.kernel.org/stable/c/88c4bd90725557796c15878b7cb70066e9e6b5ab"}],"title":"firmware: thead: Fix buffer overflow and use standard endian macros","x_generator":{"engine":"bippy-1.2.0"}}}}