Description
In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: Check to ensure report responses match the request

It is possible for a malicious (or clumsy) device to respond to a
specific report's feature request using a completely different report
ID. This can cause confusion in the HID core resulting in nasty
side-effects such as OOB writes.

Add a check to ensure that the report ID in the response, matches the
one that was requested. If it doesn't, omit reporting the raw event and
return early.
Published: 2026-05-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s HID multitouch subsystem, data received from a device is not validated against the original request; the report ID in the response is not checked. When a mismatched report ID is returned, the kernel may process a wrong report, leading to out‑of‑bounds writes. This lack of validation can cause kernel memory corruption and instability, originating from insufficient input validation within the driver code.

Affected Systems

Kernel versions 4.3.6 and the 7.0 release candidates rc1–rc4 are explicitly listed as affected by the CVE. The vulnerability resides in the generic Linux:HID multitouch device driver and therefore also impacts any other kernel that lacks the patch. Thus, all Linux installations running these kernel versions—or any other unpatched kernels—are potentially vulnerable; administrators should verify their kernel release and apply the update as soon as possible.

Risk and Exploitability

The CVSS score of 7.8 indicates a high impact severity. The EPSS score of < 1% denotes a low empirically observed exploitation probability, and the vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker could send a mismatched report ID over a USB or Bluetooth HID interface to trigger the vulnerability. The likely attack vector is through physical or remote device pairing, as inferred from the mention of HID interfaces. An attacker could cause out‑of‑bounds writes that may destabilize the system. Thus, while the exploitation likelihood remains low, the potential damage is high due to possible kernel memory corruption.

Generated by OpenCVE AI on May 8, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to the latest stable release that contains the HID multitouch patch
  • Configure the kernel or system to disable or restrict HID multitouch support if it is not required
  • Implement USB device whitelisting or authentication to ensure only trusted HID devices can connect

Generated by OpenCVE AI on May 8, 2026 at 20:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DLA Debian DLA DLA-4606-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:linux:linux_kernel:4.3.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Sun, 03 May 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Sat, 02 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1287
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely different report ID. This can cause confusion in the HID core resulting in nasty side-effects such as OOB writes. Add a check to ensure that the report ID in the response, matches the one that was requested. If it doesn't, omit reporting the raw event and return early.
Title HID: multitouch: Check to ensure report responses match the request
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:06.760Z

Reserved: 2026-05-01T14:12:55.979Z

Link: CVE-2026-43047

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:51.073

Modified: 2026-05-08T13:50:16.930

Link: CVE-2026-43047

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43047 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T21:00:10Z

Weaknesses