{"id":"CVE-2026-31690","summary":"firmware: thead: Fix buffer overflow and use standard endian macros","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: thead: Fix buffer overflow and use standard endian macros\n\nAddresses two issues in the TH1520 AON firmware protocol driver:\n\n1. Fix a potential buffer overflow where the code used unsafe pointer\n   arithmetic to access the 'mode' field through the 'resource' pointer\n   with an offset. This was flagged by Smatch static checker as:\n   \"buffer overflow 'data' 2 \u003c= 3\"\n\n2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard\n   kernel endianness conversion macros (cpu_to_be16, etc.) for better\n   portability and maintainability.\n\nThe functionality was re-tested with the GPU power-up sequence,\nconfirming the GPU powers up correctly and the driver probes\nsuccessfully.\n\n[   12.702370] powervr ffef400000.gpu: [drm] loaded firmware\npowervr/rogue_36.52.104.182_v1.fw\n[   12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build\n6645434 OS)\n[   12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on\nminor 0","modified":"2026-07-08T08:06:21.815605861Z","published":"2026-04-27T17:34:28.738Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31690.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/88c4bd90725557796c15878b7cb70066e9e6b5ab"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31690.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31690"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e4b3cbd840e565484d0ad8d260d27c057466ed17"},{"fixed":"fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb"},{"fixed":"bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97"},{"fixed":"88c4bd90725557796c15878b7cb70066e9e6b5ab"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31690.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.15.0"},{"fixed":"6.18.23"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31690.json"}}],"schema_version":"1.7.5"}