CVE-2026-43047

HIGH

HID: multitouch: Check to ensure report responses match the request

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely different report ID. This can cause confusion in the HID core resulting in nasty side-effects such as OOB writes. Add a check to ensure that the report ID in the response, matches the one that was requested. If it doesn't, omit reporting the raw event and return early.

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (38)
linux/Kernel 4.4.0 - 5.10.253linux
linux/Kernel 5.11.0 - 5.15.203linux
linux/Kernel 5.16.0 - 6.1.168linux
linux/Kernel 6.13.0 - 6.18.22linux
linux/Kernel 6.19.0 - 6.19.12linux
linux/Kernel 6.2.0 - 6.6.134linux
linux/Kernel 6.7.0 - 6.12.81linux
Linux/Linux < 4.4
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2edc92f89eee328b5be5706b5d431bf90669e9c0
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 516da3f25cfe18643835af1cf09b0e9ffc36c383
... and 28 more
Published May 01, 2026
Tracked Since May 01, 2026