CVE-2026-23178

The former can come from the userspace in the hidraw driver and is only bounded by HIDMAXBUFFER_SIZE(16384) by default (unless we also set max_buffer_size field of struct hid_ll_driver which we do not).

The latter has size determined at runtime by the maximum size of different report types you could receive on any particular device and can be a much smaller value.

Fix this by truncating recv_len to ihid->bufsize - sizeof(__le16).

The impact is low since access to hidraw devices requires root.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23178.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

85df713377ddc0482071c3e6b64c37bd1e48f1f1

Fixed

f9c9ad89d845f88a1509e9d672f65d234425fde9

Fixed

cff3f619fd1cb40cdd89971df9001f075613d219

Fixed

786ec171788bdf9dda38789163f1b1fbb47f2d1e

Fixed

2124279f1f8c32c1646ce98e75a1a39b23b7db76

Fixed

2497ff38c530b1af0df5130ca9f5ab22c5e92f29

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23178.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

6.1.163

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.124

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.70

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.10

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23178.json"