CVE-2026-23178

Description

In the Linux kernel, the following vulnerability has been resolved:HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()i2c_hid_xfer is used to read recv_len + sizeof(__le16) bytes of datainto ihid->rawbuf.The former can come from the userspace in the hidraw driver and is onlybounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also setmax_buffer_size field of struct hid_ll_driver which we do not).The latter has size determined at runtime by the maximum size ofdifferent report types you could receive on any particular device andcan be a much smaller value.Fix this by truncating recv_len to ihid->bufsize - sizeof(__le16).The impact is low since access to hidraw devices requires root.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.045

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234