← Back

CVE-2026-46232

nvd nist
Published: May 28, 2026Modified: Jun 10, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 / Impact: 5.2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

Affected (7)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 6.13 to 6.18.32
Linux Kernel
From 6.19 to 7.0.9
Linux Kernel
From 6.2 to 6.6.140
Linux Kernel
From 6.7 to 6.12.90
Linux Kernel
Version 7.1 rc1
Linux Kernel
Version 7.1 rc2
Linux Kernel
Version 7.1 rc3

References (5)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.