Skip to main content

Linux Kernel CVE-2026-43047

| EUVDEUVD-2026-26646 HIGH
Out-of-bounds Write (CWE-787)
2026-05-01 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
4.7 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:38 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26646
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: Check to ensure report responses match the request

It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely different report ID. This can cause confusion in the HID core resulting in nasty side-effects such as OOB writes.

Add a check to ensure that the report ID in the response, matches the one that was requested. If it doesn't, omit reporting the raw event and return early.

AnalysisAI

Out-of-bounds memory writes in Linux kernel HID multitouch driver allow local authenticated users to achieve code execution or crash systems via malicious USB/HID devices. The vulnerability exists in the HID multitouch report parsing logic where mismatched report IDs in feature requests can confuse the HID core. Vendor-released patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score is low (0.02%, 7th percentile), indicating minimal observed exploitation attempts. No public exploit code identified at time of analysis.

Technical ContextAI

This vulnerability affects the Linux kernel's Human Interface Device (HID) subsystem, specifically the multitouch driver (drivers/hid/hid-multitouch.c). The HID protocol allows devices like touchscreens, tablets, and USB input peripherals to communicate with the kernel through standardized report descriptors. Each HID report has a unique report ID that identifies the data structure being exchanged. The flaw occurs when the kernel requests a feature report with a specific ID but a malicious device responds with a completely different report ID. The HID core lacks validation that the response matches the request, leading to type confusion where the kernel interprets the response data according to the wrong report descriptor structure. This mismatch causes the kernel to write data to incorrect memory offsets, resulting in out-of-bounds writes. The affected code path involves feature report handling in the HID multitouch driver, which processes touch input data from various manufacturers' hardware. The vulnerability has been present since the initial git import (commit 1da177e4c3f4), indicating it affects virtually all Linux kernel versions prior to patching.

RemediationAI

Update to patched Linux kernel versions immediately: 5.10.253+ for 5.10.x branch, 5.15.203+ for 5.15.x branch, 6.1.168+ for 6.1.x branch, 6.6.134+ for 6.6.x branch, 6.12.81+ for 6.12.x branch, 6.18.22+ for 6.18.x branch, 6.19.12+ for 6.19.x branch, or 7.0+ for mainline. Patches are available from https://git.kernel.org/stable/ with specific commits listed in references. For systems unable to immediately patch, implement USB device whitelisting through udev rules to allow only trusted vendor/product IDs, though this provides incomplete protection as compromised legitimate devices could still exploit the flaw. Disable unused HID drivers via kernel module blacklisting (modprobe.d configuration for hid-multitouch) if multitouch functionality is not required, though this breaks touchscreen/tablet support. Consider using USB port physical access controls or disabling USB ports entirely via BIOS on critical systems until patching is completed. No kernel runtime parameters or sysctl settings mitigate this vulnerability. Testing patches in non-production environments is recommended before deploying to production systems to verify compatibility with distribution-specific configurations.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43047 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy