CVE-2026-31625 - Vulnerability Details

- HID: alps: fix NULL pointer dereference in alps_raw_event()

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: alps: fix NULL pointer dereference in alps_raw_event()

Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event
callbacks missing them") attempted to fix up the HID drivers that had
missed the previous fix that was done in 2ff5baa9b527 ("HID: appleir:
Fix potential NULL dereference at raw event handle"), but the alps
driver was missed.

Fix this up by properly checking in the hid-alps driver that it had been
claimed correctly before attempting to process the raw event.

Published: 2026-04-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A NULL pointer dereference occurs in the Linux kernel’s alps HID driver when it processes a raw event that has not been claimed. The flaw, classified as CWE‑476, can lead to a kernel crash or panic, effectively denying service for the system. The vendor added a guard in commit ecfa6f34492c to ensure the device is properly claimed before processing, preventing the dereference. Based on the description, it is inferred that an attacker could trigger the problematic raw event by sending crafted HID traffic to the device, which would yield the crash.

Affected Systems

Any Linux installation that contains the alps HID driver and has not yet incorporated the guard from commit ecfa6f34492c is vulnerable. This includes all kernel releases before that commit, affecting generic Linux distributions that include the alps driver module. The vulnerability affects only the kernel, not user‑space applications.

Risk and Exploitability

The CVSS base score of 5.5 indicates a moderate severity. The EPSS score is less than 1 %, suggesting a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, and the fix removes a local denial‑of‑service vector; exploitation would require local access that can deliver raw HID events to the affected driver. Based on the description, it is inferred that the attack vector is local and requires the ability to send arbitrary HID reports to the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< c8cc765253ad89ccc106a7bdeb5aeac6cf963078
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< 8eed7bce7a4c41ab28ee4891103623a12fd41611
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< 0091dfa542a362c178a7e9393097138a57d327d1
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< 4b618248d2307a219d9431a730cfe1156c8e3386
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6
`73196ebe134d11a68a2e27814c489d685cfc8b03`	affected	< 1badfc4319224820d5d890f8eab6aa52e4e83339

Linux

affected

Version	Status	Constraints
`4.15`	affected	—
`0`	unaffected	< 4.15
`6.6.136`	unaffected	≤ 6.6.*
`6.12.83`	unaffected	≤ 6.12.*
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0.1`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[73196ebe134d11a68a2e27814c489d685cfc8b03,c8cc765253ad89ccc106a7bdeb5aeac6cf963078)`	affected	code_commit	—
`[73196ebe134d11a68a2e27814c489d685cfc8b03,8eed7bce7a4c41ab28ee4891103623a12fd41611)`	affected	code_commit	—
`[73196ebe134d11a68a2e27814c489d685cfc8b03,0091dfa542a362c178a7e9393097138a57d327d1)`	affected	code_commit	—
`[73196ebe134d11a68a2e27814c489d685cfc8b03,4b618248d2307a219d9431a730cfe1156c8e3386)`	affected	code_commit	—
`[73196ebe134d11a68a2e27814c489d685cfc8b03,ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6)`	affected	code_commit	—
`[73196ebe134d11a68a2e27814c489d685cfc8b03,1badfc4319224820d5d890f8eab6aa52e4e83339)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.15`	affected	generic	—
`[0,4.15)`	unaffected	generic	—
`[6.6.136,6.7.0)`	unaffected	generic	—
`[6.12.83,6.13.0)`	unaffected	generic	—
`[6.18.24,6.19.0)`	unaffected	generic	—
`[6.19.14,6.20.0)`	unaffected	generic	—
`[7.0.1,8.0.0)`	unaffected	generic	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a revision that includes commit ecfa6f34492c or apply the patch manually to the alps driver.
If an update is not immediately possible, disable the alps HID driver (e.g., blacklist it via modprobe.d or remove the module with modprobe -r).
Monitor kernel logs such as dmesg and system log files for signs of HID‑related crashes and apply the fix as soon as feasible.

Generated by OpenCVE AI on April 28, 2026 at 13:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6238-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0091dfa542a362c178a7e9393097138a57d327d1
https://git.kernel.org/stable/c/1badfc4319224820d5d890f8eab6aa52e4e83339
https://git.kernel.org/stable/c/4b618248d2307a219d9431a730cfe1156c8e3386
https://git.kernel.org/stable/c/8eed7bce7a4c41ab28ee4891103623a12fd41611
https://git.kernel.org/stable/c/c8cc765253ad89ccc106a7bdeb5aeac6cf963078
https://git.kernel.org/stable/c/ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6
https://lore.kernel.org/linux-cve-announce/2026042427-CVE-2026-31625-71c1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31625
https://www.cve.org/CVERecord?id=CVE-2026-31625

History

Mon, 27 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 27 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/c8cc765253ad89ccc106a7bdeb5aeac6cf963078

Mon, 27 Apr 2026 11:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/1badfc4319224820d5d890f8eab6aa52e4e83339

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
References		https://lore.kernel.org/linux-cve-announce/2026042427-CVE-2026-31625-71c1@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31625 https://www.cve.org/CVERecord?id=CVE-2026-31625
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them") attempted to fix up the HID drivers that had missed the previous fix that was done in 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), but the alps driver was missed. Fix this up by properly checking in the hid-alps driver that it had been claimed correctly before attempting to process the raw event.
Title		HID: alps: fix NULL pointer dereference in alps_raw_event()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0091dfa542a362c178a7e9393097138a57d327d1 https://git.kernel.org/stable/c/4b618248d2307a219d9431a730cfe1156c8e3386 https://git.kernel.org/stable/c/8eed7bce7a4c41ab28ee4891103623a12fd41611 https://git.kernel.org/stable/c/ee2cb3ddfdca949dbc0c3f796ed5a439f0efc9f6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:42:42.481Z

Updated: 2026-05-11T22:12:25.715Z

Reserved: 2026-03-09T15:48:24.124Z

Link: CVE-2026-31625

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-24T15:16:41.807

Modified: 2026-04-27T21:14:33.073

Link: CVE-2026-31625

Redhat

Severity : Moderate

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31625 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T14:00:16Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object