CVE-2026-43051
HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
01 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
The wacom_intuos_bt_irq() function processes Bluetooth HID reports
without sufficient bounds checking. A maliciously crafted short report
can trigger an out-of-bounds read when copying data into the wacom
structure.
Specifically, report 0x03 requires at least 22 bytes to safely read
the processed data and battery status, while report 0x04 (which
falls through to 0x03) requires 32 bytes.
Add explicit length checks for these report IDs and log a warning if
a short report is received.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Productos afectados
Linux · LinuxReferencias
https://git.kernel.org/stable/c/2f1763f62909ccb6386ac50350fa0abbf5bb16a9https://git.kernel.org/stable/c/3d78386b144453c47e81bf62dc3601b757f02d99https://git.kernel.org/stable/c/41026bcc0fdf82605205c27935ef719cbc07193bhttps://git.kernel.org/stable/c/5b5b9730111808410e404ceac2fabd32eef92fbdhttps://git.kernel.org/stable/c/8bd690ac1242332c73cba10dacdad6c6642bbb94https://git.kernel.org/stable/c/c8dc23c97680eebefde06da5858aaef1b37cf75dhttps://git.kernel.org/stable/c/d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aadahttps://git.kernel.org/stable/c/fa8901cb1f0b2113a342db93bd5684b59fe99dcf