SB2026050213 - Out-of-bounds read in Linux kernel hid driver
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-43051)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in wacom_intuos_bt_irq when processing Bluetooth HID reports. A remote attacker can send a specially crafted short report to disclose sensitive information.
Report ID 0x03 requires at least 22 bytes, and report ID 0x04 requires at least 32 bytes.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2f1763f62909ccb6386ac50350fa0abbf5bb16a9
- https://git.kernel.org/stable/c/3d78386b144453c47e81bf62dc3601b757f02d99
- https://git.kernel.org/stable/c/41026bcc0fdf82605205c27935ef719cbc07193b
- https://git.kernel.org/stable/c/5b5b9730111808410e404ceac2fabd32eef92fbd
- https://git.kernel.org/stable/c/8bd690ac1242332c73cba10dacdad6c6642bbb94
- https://git.kernel.org/stable/c/c8dc23c97680eebefde06da5858aaef1b37cf75d
- https://git.kernel.org/stable/c/d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada
- https://git.kernel.org/stable/c/fa8901cb1f0b2113a342db93bd5684b59fe99dcf