CVE-2026-43047
Published: May 1, 2026
Modified: May 23, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely different report ID. This can cause confusion in the HID core resulting in nasty side-effects such as OOB writes. Add a check to ensure that the report ID in the response, matches the one that was requested. If it doesn't, omit reporting the raw event and return early.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 6d4f5440a3a2bb2e9d0d582bbf98234e9e9bb095 - < 516da3f25cfe18643835af1cf09b0e9ffc36c383affected 6d4f5440a3a2bb2e9d0d582bbf98234e9e9bb095 - < a61163daf8a90b4a7ef154d5fc9c525f665734e3affected 6d4f5440a3a2bb2e9d0d582bbf98234e9e9bb095 - < 74c6015375d8b9bc1b1eb79f20636c8e894bcad7affected 6d4f5440a3a2bb2e9d0d582bbf98234e9e9bb095 - < c7a27bb4d0f6573ca0f9c7ef0b63291486239190affected 6d4f5440a3a2bb2e9d0d582bbf98234e9e9bb095 - < 6a4acd3e86fe5584050c213d95147eba33856033+5 more versions |
Linux | Linux | affected 4.4unaffected 0 - < 4.4unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now