{"id":"CVE-2026-31625","summary":"HID: alps: fix NULL pointer dereference in alps_raw_event()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: alps: fix NULL pointer dereference in alps_raw_event()\n\nCommit ecfa6f34492c (\"HID: Add HID_CLAIMED_INPUT guards in raw_event\ncallbacks missing them\") attempted to fix up the HID drivers that had\nmissed the previous fix that was done in 2ff5baa9b527 (\"HID: appleir:\nFix potential NULL dereference at raw event handle\"), but the alps\ndriver was missed.\n\nFix this up by properly checking in the hid-alps driver that it had been\nclaimed correctly before attempting to process the raw event.","modified":"2026-07-08T07:01:41.026217250Z","published":"2026-04-24T14:42:42.481Z","related":["CGA-xrhv-c7g8-hvfm","openSUSE-SU-2026:10703-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31625.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0091dfa542a362c178a7e9393097138a57d327d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1badfc4319224820d5d890f8eab6aa52e4e83339"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b618248d2307a219d9431a730cfe1156c8e3386"},{"type":"WEB","url":"https://git.kernel.org/stable/c/56850666bb5dcf7a13d76c5d02864813e17ee537"},{"type":"WEB","url":"https://git.kernel.org/stable/c/72516a8d7fe247fd895424bab87952f105a0c255"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8eed7bce7a4c41ab28ee4891103623a12fd41611"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8cc765253ad89ccc106a7bdeb5aeac6cf963078"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc411e4823d8bfa23327d9989a0fa4e0ce76aebe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31625.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31625"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"73196ebe134d11a68a2e27814c489d685cfc8b03"},{"fixed":"56850666bb5dcf7a13d76c5d02864813e17ee537"},{"fixed":"72516a8d7fe247fd895424bab87952f105a0c255"},{"fixed":"cc411e4823d8bfa23327d9989a0fa4e0ce76aebe"},{"fixed":"c8cc765253ad89ccc106a7bdeb5aeac6cf963078"},{"fixed":"8eed7bce7a4c41ab28ee4891103623a12fd41611"},{"fixed":"0091dfa542a362c178a7e9393097138a57d327d1"},{"fixed":"4b618248d2307a219d9431a730cfe1156c8e3386"},{"fixed":"ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6"},{"fixed":"1badfc4319224820d5d890f8eab6aa52e4e83339"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31625.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"5.10.258"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.136"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.83"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.20.0"},{"fixed":"7.0.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31625.json"}}],"schema_version":"1.7.5"}