exploitDog

CVE-2026-43051

Опубликовано: 01 мая 2026

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq

The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure.

Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes.

Add explicit length checks for these report IDs and log a warning if a short report is received.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.3 (включая) до 5.10.253 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.203 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.168 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.134 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.81 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.18.22 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.19 (включая) до 6.19.12 (исключая)

cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00255

Низкий

8.1 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

CVE-2026-43051

CVSS3: 8.1

ubuntu

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure. Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes. Add explicit length checks for these report IDs and log a warning if a short report is received.

CVE-2026-43051

CVSS3: 7.1

redhat

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure. Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes. Add explicit length checks for these report IDs and log a warning if a short report is received.

CVE-2026-43051

CVSS3: 8.1

debian

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: H ...

GHSA-4mjh-m2x6-5qg4

CVSS3: 8.1

github

около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure. Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes. Add explicit length checks for these report IDs and log a warning if a short report is received.

RLSA-2026:21706

rocky

22 дня назад

Important: kernel security update

EPSS

Процентиль: 17%

0.00255

Низкий

8.1 High

CVSS3

Дефекты

CWE-125