Description
In the Linux kernel, the following vulnerability has been resolved:

firmware: thead: Fix buffer overflow and use standard endian macros

Addresses two issues in the TH1520 AON firmware protocol driver:

1. Fix a potential buffer overflow where the code used unsafe pointer
arithmetic to access the 'mode' field through the 'resource' pointer
with an offset. This was flagged by Smatch static checker as:
"buffer overflow 'data' 2 <= 3"

2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard
kernel endianness conversion macros (cpu_to_be16, etc.) for better
portability and maintainability.

The functionality was re-tested with the GPU power-up sequence,
confirming the GPU powers up correctly and the driver probes
successfully.

[ 12.702370] powervr ffef400000.gpu: [drm] loaded firmware powervr/rogue_36.52.104.182_v1.fw
[ 12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build 6645434 OS)
[ 12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on minor 0
Published: 2026-04-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the TH1520 AON firmware protocol driver can cause the kernel to write out of bounds when accessing the 'mode' field through an unsafe pointer arithmetic offset. This flaw classifies as a buffer overflow (CWE‑787, CWE‑823) and could allow a local attacker to corrupt kernel memory, potentially gaining arbitrary code execution or escalating privileges. The fix replaces unsafe pointer usage with safe calculations and swaps custom endianness macros for the kernel’s portable conversion functions, improving reliability and security. The vulnerability was identified by the Smatch static checker and has already been patched in the upstream kernel.
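The pattern described above, as an added userspace example that is not the driver's code: an offset-based setter is asked to reach 'mode' through a pointer to the 2-byte 'resource' field, and an explicit bounds check (added for illustration) rejects the write whose last byte index would be 3, the condition the Smatch report names. The struct layout and every `demo_*` name are hypothetical, and `demo_cpu_to_be16` stands in for the kernel's `cpu_to_be16`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, constructed for this example (not the driver's). */
struct demo_msg {
    uint8_t  hdr[4];
    uint16_t resource;  /* big-endian on the wire */
    uint16_t mode;      /* big-endian on the wire */
};

/* Userspace stand-in for the kernel's cpu_to_be16(). */
static uint16_t demo_cpu_to_be16(uint16_t v)
{
    uint8_t b[2] = { (uint8_t)(v >> 8), (uint8_t)v };
    memcpy(&v, b, sizeof(v));
    return v;
}

/* Offset-based setter; the check keeps data[off + 1] inside the named field. */
static int demo_set_be16_at(void *field, size_t field_size, size_t off, uint16_t v)
{
    uint8_t *data = field;
    if (field_size < 2 || off > field_size - 2)
        return -1;
    data[off] = (uint8_t)(v >> 8);
    data[off + 1] = (uint8_t)v;
    return 0;
}

/* Described pattern: 'mode' via 'resource' + 2; a 2-byte field, index 3. */
static int demo_legacy_set_mode(struct demo_msg *m, uint16_t mode)
{
    return demo_set_be16_at(&m->resource, sizeof(m->resource), 2, mode);
}

/* Fixed pattern: name each member and use a standard conversion. */
static void demo_fixed_fill(struct demo_msg *m, uint16_t rsrc, uint16_t mode)
{
    m->resource = demo_cpu_to_be16(rsrc);
    m->mode = demo_cpu_to_be16(mode);
}

int main(void)
{
    struct demo_msg m = { {0}, 0, 0 };
    printf("legacy resource+2 write: %d\n", demo_legacy_set_mode(&m, 1));
    demo_fixed_fill(&m, 0x0102, 0x0001);
    printf("mode bytes: %02x %02x\n", ((uint8_t *)&m)[6], ((uint8_t *)&m)[7]);
}
```

Naming the member directly lets the compiler and static checkers see the real object being written, which is why the member-wise form no longer trips the bounds analysis.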

Affected Systems

The flaw affects all Linux kernel builds that include the TH1520 driver before the patch. No specific release version is listed, but any kernel incorporating the original firmware protocol path in the kernel source subtree is implicated. Updates to the firmware driver and the kernel itself are required to remediate the issue.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but the EPSS score is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploit. The likely attack vector is local, requiring interaction with the kernel driver (e.g., loading firmware), and the vulnerability would need an attacker to trigger the specific buffer overflow condition. With these constraints, the overall risk remains high but the exploitation probability is very low.

Generated by OpenCVE AI on May 6, 2026 at 19:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch from commit 88c4bd90725557796c15878b7cb70066e9e6b5ab (or the referenced revisions) in the kernel Git repository
  • If an immediate kernel update is not possible, disable or unload the TH1520 AON firmware driver to prevent exploitation of the buffer overflow
  • Ensure that any firmware loaded for the TH1520 device originates from a trusted vendor and avoid loading unverified firmware

Advisories

No advisories yet.

History

Wed, 06 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 29 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Wed, 29 Apr 2026 00:15:00 +0000


Tue, 28 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Mon, 27 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the 'mode' field through the 'resource' pointer with an offset. This was flagged by Smatch static checker as: "buffer overflow 'data' 2 <= 3" 2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard kernel endianness conversion macros (cpu_to_be16, etc.) for better portability and maintainability. The functionality was re-tested with the GPU power-up sequence, confirming the GPU powers up correctly and the driver probes successfully. [ 12.702370] powervr ffef400000.gpu: [drm] loaded firmware powervr/rogue_36.52.104.182_v1.fw [ 12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build 6645434 OS) [ 12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on minor 0
Title firmware: thead: Fix buffer overflow and use standard endian macros
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:13:45.476Z

Reserved: 2026-03-09T15:48:24.131Z

Link: CVE-2026-31690

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-27T18:16:54.507

Modified: 2026-05-06T18:32:01.673

Link: CVE-2026-31690

Redhat

Severity :

Public Date: 2026-04-27T00:00:00Z

Links: CVE-2026-31690 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-06T19:45:10Z

Weaknesses