CVE-2026-43047
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Check to ensure report responses match the request
It is possible for a malicious (or clumsy) device to respond to a
specific report's feature request using a completely different report
ID. This can cause confusion in the HID core resulting in nasty
side-effects such as OOB writes.
Add a check to ensure that the report ID in the response, matches the
one that was requested. If it doesn't, omit reporting the raw event and
return early.
HID: multitouch: Check to ensure report responses match the request
It is possible for a malicious (or clumsy) device to respond to a
specific report's feature request using a completely different report
ID. This can cause confusion in the HID core resulting in nasty
side-effects such as OOB writes.
Add a check to ensure that the report ID in the response, matches the
one that was requested. If it doesn't, omit reporting the raw event and
return early.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux
External References
- https://git.kernel.org/stable/c/2edc92f89eee328b5be5706b5d431bf90669e9c0
- https://git.kernel.org/stable/c/516da3f25cfe18643835af1cf09b0e9ffc36c383
- https://git.kernel.org/stable/c/6a4acd3e86fe5584050c213d95147eba33856033
- https://git.kernel.org/stable/c/74c6015375d8b9bc1b1eb79f20636c8e894bcad7
- https://git.kernel.org/stable/c/7f66fdbc077faed3b52519228d21d81979e92249
- https://git.kernel.org/stable/c/a61163daf8a90b4a7ef154d5fc9c525f665734e3
- https://git.kernel.org/stable/c/c7a27bb4d0f6573ca0f9c7ef0b63291486239190
- https://git.kernel.org/stable/c/e716edafedad4952fe3a4a273d2e039a84e8681a
Discussion (0)
Add Comment
No comments yet. Be the first!