PT-2026-34976 · Linux · Linux Kernel

Published: 2026-04-24 · Updated: 2026-05-15 · CVE-2026-31624

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the HID core where the s32ton() function performs a shift operation by n-1, with n being the report size provided directly by a HID device. Because the HID parser only limits report size to 256, a malfunctioning HID device can provide a report descriptor with a wide field. This triggers shift exponents up to 256 on a 32-bit type during the construction of an output report via hid_output_field() or hid_set_field(), leading to an undefined shift.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
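
The condition in the description, as an added user-space example that is not kernel code and not the upstream patch: it checks whether a shift by n-1 has a valid count for a 32-bit type and shows one way to guard the conversion. The names shift_count_in_range and s32ton_guarded are hypothetical, and the handling of n == 0, widths above 32 and out-of-range values is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Width of the 32-bit type the advisory says is being shifted. */
#define VALUE_BITS 32u

/* 1 if a shift by (n - 1) has a count that is valid for a 32-bit type (0..31). */
static int shift_count_in_range(unsigned n)
{
    return n >= 1 && n - 1 < VALUE_BITS;
}

/*
 * Hypothetical guarded conversion of a signed 32-bit value to an n-bit
 * two's-complement field. Assumptions of this example: n == 0 yields 0,
 * widths of 32 and above are treated as 32, out-of-range values saturate.
 */
static uint32_t s32ton_guarded(int32_t value, unsigned n)
{
    if (n == 0)
        return 0;
    if (n >= VALUE_BITS)        /* covers the 33..256 range the parser allows */
        return (uint32_t)value;

    /* Here 1 <= n <= 31, so every shift count below is in 0..31. */
    int32_t max = (int32_t)((1u << (n - 1)) - 1);
    int32_t min = -max - 1;
    if (value > max)
        value = max;
    if (value < min)
        value = min;
    return (uint32_t)value & ((1u << n) - 1);
}

int main(void)
{
    /* Constructed report sizes, including the parser's upper limit of 256. */
    const unsigned sizes[] = { 1, 8, 16, 32, 33, 64, 256 };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("report_size=%3u shift count in range=%d guarded(-1)=0x%08x\n",
               sizes[i], shift_count_in_range(sizes[i]),
               (unsigned)s32ton_guarded(-1, sizes[i]));
    return 0;
}
```

Building a reproduction of the unguarded shift with -fsanitize=shift (GCC or Clang) reports the out-of-range exponent at run time, which is the same class of finding the description refers to.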

Related Identifiers

CVE-2026-31624
ECHO-6102-8559-10E7
OESA-2026-2312
OESA-2026-2313
OESA-2026-2314
OPENSUSE-SU-2026:10703-1

Affected Products

Linux Kernel