CVE-2026-31690

Source
https://cve.org/CVERecord?id=CVE-2026-31690
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31690.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31690
Downstream
Published
2026-04-27T17:34:28.738Z
Modified
2026-07-08T08:06:21.815605861Z
Summary
firmware: thead: Fix buffer overflow and use standard endian macros
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: thead: Fix buffer overflow and use standard endian macros

Addresses two issues in the TH1520 AON firmware protocol driver:

  1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the 'mode' field through the 'resource' pointer with an offset. This was flagged by Smatch static checker as: "buffer overflow 'data' 2 <= 3"

  2. Replace custom RPCSETBE* and RPCGETBE* macros with standard kernel endianness conversion macros (cputobe16, etc.) for better portability and maintainability.

The functionality was re-tested with the GPU power-up sequence, confirming the GPU powers up correctly and the driver probes successfully.

[ 12.702370] powervr ffef400000.gpu: [drm] loaded firmware powervr/rogue36.52.104.182v1.fw [ 12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build 6645434 OS) [ 12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on minor 0

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31690.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e4b3cbd840e565484d0ad8d260d27c057466ed17
Fixed
fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb
Fixed
bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97
Fixed
88c4bd90725557796c15878b7cb70066e9e6b5ab

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31690.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.23
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31690.json"