Description
In the Linux kernel, the following vulnerability has been resolved:

HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer

Add DMA buffer readiness check before reading DMA buffer to avoid
unexpected NULL pointer accessing.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Kernel
AI Analysis

Impact

A null pointer dereference occurs in the Intel-thc HID driver when the code reads a DMA buffer that may not be ready. The vulnerability allows a kernel crash, which can lead to a system reboot or denial of service. The weakness is a classic null pointer dereference (CWE‑476). The likely attack vector is a specially crafted HID device that can trigger the driver to read an uninitialized buffer, but the description itself does not specify the exploitation method, so this inference is based on typical HID driver behavior.

Affected Systems

The affected product is the Linux kernel. Specifically, release candidate versions 6.19.rc1 through 6.19.rc4 on all Linux platforms are impacted, as identified by the CVE advisory. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents are known. Practical exploitation would likely require proximity or physical access to the vulnerable device, making it most relevant to environments that allow untrusted HID devices. Updating to a patched kernel mitigates the risk effectively.

Generated by OpenCVE AI on April 18, 2026 at 12:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that includes the update (e.g., Linux kernel 6.19.5 or newer).
  • Until the kernel can be updated, disable or restrict the Intel‑thc HID device, for example by blacklisting the module or configuring udev rules to prevent the device from loading.
  • Enable kernel crash dumping and monitor dmesg or system logs for null‑pointer dereference errors to detect any attempts to trigger the bug.

Generated by OpenCVE AI on April 18, 2026 at 12:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Sat, 14 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer Add DMA buffer readiness check before reading DMA buffer to avoid unexpected NULL pointer accessing.
Title HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-16T08:58:57.510Z

Reserved: 2026-01-13T15:37:45.985Z

Link: CVE-2026-23196

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T17:15:57.440

Modified: 2026-03-19T17:45:26.697

Link: CVE-2026-23196

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23196 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses