{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "e4b3cbd840e565484d0ad8d260d27c057466ed17"
            },
            {
              "fixed": "fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb"
            },
            {
              "fixed": "bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97"
            },
            {
              "fixed": "88c4bd90725557796c15878b7cb70066e9e6b5ab"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.15.0"
            },
            {
              "fixed": "6.18.23"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31690.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: thead: Fix buffer overflow and use standard endian macros\n\nAddresses two issues in the TH1520 AON firmware protocol driver:\n\n1. Fix a potential buffer overflow where the code used unsafe pointer\n   arithmetic to access the 'mode' field through the 'resource' pointer\n   with an offset. This was flagged by Smatch static checker as:\n   \"buffer overflow 'data' 2 \u003c= 3\"\n\n2. Replace custom RPC_SET_BE* and RPC_GET_BE* macros with standard\n   kernel endianness conversion macros (cpu_to_be16, etc.) for better\n   portability and maintainability.\n\nThe functionality was re-tested with the GPU power-up sequence,\nconfirming the GPU powers up correctly and the driver probes\nsuccessfully.\n\n[   12.702370] powervr ffef400000.gpu: [drm] loaded firmware\npowervr/rogue_36.52.104.182_v1.fw\n[   12.711043] powervr ffef400000.gpu: [drm] FW version v1.0 (build\n6645434 OS)\n[   12.719787] [drm] Initialized powervr 1.0.0 for ffef400000.gpu on\nminor 0",
  "id": "CVE-2026-31690",
  "modified": "2026-07-08T05:38:15.429057360Z",
  "published": "2026-04-27T17:34:28.738Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88c4bd90725557796c15878b7cb70066e9e6b5ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd15a5deb5a7251dc1a0cf9186f0253f7eacdb97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbdb43f6bb2a15ed382d6eb0ef82c8b07b0d47bb"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31690.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31690"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "firmware: thead: Fix buffer overflow and use standard endian macros"
}