What is GHSA-whg2-hqg5-6ph3?

GHSA-whg2-hqg5-6ph3 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer...

Which CVE IDs does GHSA-whg2-hqg5-6ph3 cover?

GHSA-whg2-hqg5-6ph3 covers the following CVE IDs: CVE-2026-31401. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-whg2-hqg5-6ph3?

GHSA-whg2-hqg5-6ph3 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-whg2-hqg5-6ph3HighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer...

Vendor

GitHub Security Advisories

Published

April 3, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-31401 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of dispatch_hid_bpf_raw_requests(), which calls the struct_ops and we have no guarantees that the value makes sense.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-31401
https://git.kernel.org/stable/c/2b658c1c442ec1cd9eec5ead98d68662c40fe645
https://git.kernel.org/stable/c/73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1
https://git.kernel.org/stable/c/d6efaa50af62fb0790dd1fd4e7e5506b46312510
https://git.kernel.org/stable/c/eb57dae20fdf6f3069cdc07821fa3bb46de381d7
https://github.com/advisories/GHSA-whg2-hqg5-6ph3