Skip to main content

Linux Kernel EUVDEUVD-2026-26650

| CVE-2026-43051 HIGH
Out-of-bounds Read (CWE-125)
2026-05-01 Linux
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
7.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:39 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
8.1 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26650
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 8.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq

The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure.

Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes.

Add explicit length checks for these report IDs and log a warning if a short report is received.

AnalysisAI

An out-of-bounds read vulnerability in the Linux kernel's Wacom HID driver (wacom_intuos_bt_irq function) allows adjacent network attackers to cause information disclosure or denial of service through maliciously crafted short Bluetooth HID reports. The vulnerability affects the Bluetooth interface of Wacom Intuos tablets, where report types 0x03 and 0x04 are processed without validating minimum lengths (22 and 32 bytes respectively), enabling memory reads beyond buffer boundaries. Patches are available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) with no active exploitation confirmed (EPSS 0.02%, not in CISA KEV).

Technical ContextAI

This vulnerability resides in the HID (Human Interface Device) subsystem of the Linux kernel, specifically in the Wacom tablet driver's Bluetooth report handler (wacom_intuos_bt_irq). The affected code processes raw HID reports received over Bluetooth connections from Wacom Intuos-series tablets. Report type 0x03 contains processed data and battery status requiring minimum 22 bytes, while report type 0x04 (which falls through to 0x03 processing) requires 32 bytes. Without validating report length before memcpy or direct data access operations, truncated reports cause the driver to read beyond the allocated buffer into adjacent kernel memory. This represents a classic buffer over-read vulnerability where input validation failures on externally-controlled data sizes lead to unintended memory disclosure. The CPE strings indicate broad impact across Linux kernel versions from the initial git commit (1da177e4c3f41524e886b7f1b8a0c1fc7321cac2) through current releases, affecting both mainline and long-term support branches.

RemediationAI

Apply vendor-supplied kernel updates to the following patched versions: 5.10.253 for 5.10.x branch, 5.15.203 for 5.15.x branch, 6.1.168 for 6.1.x branch, 6.6.134 for 6.6.x branch, 6.12.81 for 6.12.x branch, 6.18.22 for 6.18.x branch, 6.19.12 for 6.19.x branch, or upgrade to mainline kernel 7.0 or later. Upstream fixes are documented at https://git.kernel.org/stable/c/d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada and related commits in the references. If immediate patching is not feasible, disable Bluetooth support for HID devices (echo 'blacklist hid_wacom' >> /etc/modprobe.d/blacklist.conf and modprobe -r hid_wacom) as a temporary workaround, though this will prevent Wacom tablet functionality over Bluetooth. Alternatively, disable Bluetooth entirely (systemctl stop bluetooth && systemctl disable bluetooth) if not business-critical, eliminating the adjacent network attack vector. Note that disabling Bluetooth impacts all Bluetooth peripherals system-wide. For systems requiring Wacom tablet support, restrict Bluetooth pairing to trusted devices only and ensure physical security of the Bluetooth-accessible perimeter, though these controls do not prevent exploitation if an attacker gains physical proximity.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26650 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy