Description
In the Linux kernel, the following vulnerability has been resolved:

HID: core: Mitigate potential OOB by removing bogus memset()

The memset() in hid_report_raw_event() has the good intention of
clearing out bogus data by zeroing the area from the end of the incoming
data string to the assumed end of the buffer. However, as we have
previously seen, doing so can easily result in OOB reads and writes in
the subsequent thread of execution.

The current suggestion from one of the HID maintainers is to remove the
memset() and simply return if the incoming event buffer size is not
large enough to fill the associated report.

Suggested-by Benjamin Tissoires <bentiss@kernel.org>

[bentiss: changed the return value]
Published: 2026-05-01
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel HID subsystem, a call to memset() was used to clear data beyond an incoming report's length. Because the report length was unchecked, the memset could write past the buffer, corrupting kernel memory. An attacker who can supply a crafted HID event can trigger this out‑of-bounds write, potentially causing a kernel crash or enabling privilege escalation (CWE‑125).
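The padding pattern described above, modelled in user space as an added example (not kernel code and not code from the advisory). The struct, the function names and the `-EINVAL` return value are assumptions. The "before" helper counts the bytes a zero-fill would place past the allocation rather than writing them.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-space model; all names are hypothetical. */
struct event_buf {
    uint8_t *data;   /* start of the incoming event */
    size_t   cap;    /* bytes actually allocated behind data */
    size_t   csize;  /* bytes received */
};

/* "Before" pattern: zero-pad a short event up to the report size.
 * Returns how many bytes the fill would write past the allocation
 * (0 = in bounds); only the in-bounds part is actually written. */
size_t pad_short_event(struct event_buf *ev, size_t rsize)
{
    if (ev->csize >= rsize)
        return 0;
    size_t end = rsize < ev->cap ? rsize : ev->cap;
    if (end > ev->csize)
        memset(ev->data + ev->csize, 0, end - ev->csize);
    return rsize > ev->cap ? rsize - ev->cap : 0;
}

/* "After" pattern: reject an event too short to fill the report.
 * -EINVAL is assumed; the page only says the return value changed. */
int check_event_size(const struct event_buf *ev, size_t rsize)
{
    return ev->csize < rsize ? -EINVAL : 0;
}

/* Constructed sample: 8-byte allocation holding a 4-byte event. */
size_t demo_overrun(size_t rsize)
{
    uint8_t storage[8] = {1, 2, 3, 4, 0xAA, 0xAA, 0xAA, 0xAA};
    struct event_buf ev = { storage, sizeof(storage), 4 };
    return pad_short_event(&ev, rsize);
}

int demo_reject(size_t csize, size_t rsize)
{
    uint8_t storage[8] = {0};
    struct event_buf ev = { storage, sizeof(storage), csize };
    return check_event_size(&ev, rsize);
}
```

The padding is only safe when the allocation is at least as large as the report; rejecting the short event removes that dependency entirely.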

Affected Systems

All Linux kernel builds prior to the commit that removed the bogus memset are affected. The fix is included in the kernel revisions following the commits linked in the advisory; distributions that have updated kernels after those changes are safe. Older kernels remain vulnerable.

Risk and Exploitability

An exploit requires local or privileged access to a HID device that the kernel processes. The CVSS score of 8.8 indicates high severity, but the EPSS score is < 1% and the flaw is not listed in the CISA KEV catalog. Despite this, kernel memory corruption can lead to privilege escalation or denial of service if an attacker can inject HID events. The risk is significant without re‑patching.

Generated by OpenCVE AI on May 3, 2026 at 08:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the commit removing the bogus memset
  • Reboot the system so the kernel change takes effect
  • Restrict access to HID devices by configuring udev rules to limit device permissions to trusted users only

Generated by OpenCVE AI on May 3, 2026 at 08:06 UTC.

Advisories

No advisories yet.

History

Thu, 07 May 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:2.6.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Sun, 03 May 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Sat, 02 May 2026 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-788

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-788

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However, as we have previously seen, doing so can easily result in OOB reads and writes in the subsequent thread of execution. The current suggestion from one of the HID maintainers is to remove the memset() and simply return if the incoming event buffer size is not large enough to fill the associated report. Suggested-by Benjamin Tissoires <bentiss@kernel.org> [bentiss: changed the return value]
Title HID: core: Mitigate potential OOB by removing bogus memset()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:16:42.471Z

Reserved: 2026-05-01T14:12:55.979Z

Link: CVE-2026-43048

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-01T15:16:51.193

Modified: 2026-05-07T19:07:05.250

Link: CVE-2026-43048

Redhat

Severity: Moderate

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43048 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-03T08:15:17Z

Weaknesses