Bug 2463258 (CVE-2026-31690) - CVE-2026-31690 kernel: firmware: thead: Fix buffer overflow and use standard endian macros
Summary: CVE-2026-31690 kernel: firmware: thead: Fix buffer overflow and use standard ...
Keywords:
Status: NEW
Alias: CVE-2026-31690
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-27 18:23 UTC by OSIDB Bzimport
Modified: 2026-04-28 14:42 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-27 18:23:21 UTC 
In the Linux kernel, the following vulnerability has been resolved:

firmware: thead: Fix buffer overflow and use standard endian macros

Addresses two issues in the TH1520 AON firmware protocol driver:

1. Fix a potential buffer overflow where the code used unsafe pointer
   arithmetic to access the 'mode' field through the 'resource' pointer
   with an offset. This was flagged by Smatch static checker as:
   "buffer overflow 'data' 2 <= 3"

2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard
   kernel endianness conversion macros (cpu_to_be16, etc.) for better
   portability and maintainability.

The functionality was re-tested with the GPU power-up sequence,
confirming the GPU powers up correctly and the driver probes
successfully.

[   12.702370] powervr ffef400000.gpu: [drm] loaded firmware
powervr/rogue_36.52.104.182_v1.fw
[   12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build
6645434 OS)
[   12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on
minor 0
Comment 1 Keith Grant 2026-04-27 22:21:33 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042757-CVE-2026-31690-018e@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.