Input Validation Flaw in Linux Kernel's HID Features
CVE-2026-43047

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-43047?

The Human Interface Device (HID) subsystem of the Linux kernel contains a vulnerability in which a malicious or malfunctioning device can respond to a feature request with the wrong report ID. This mismatch between the requested and returned report IDs can confuse the HID core, leading to potential out-of-bounds (OOB) write operations and unpredictable side effects. The vulnerability has been addressed by adding checks that ensure the report ID in the response matches the one in the original request.
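
The check described above, shown as a simplified userspace model. This is an added example and not code from the kernel or its patch. The report table, the function names and the error codes are assumptions chosen for illustration.

```c
/* Userspace model only: every name below is hypothetical, not a kernel symbol. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct feature_report {
    uint8_t id;        /* report ID declared by the report descriptor */
    size_t  size;      /* payload bytes declared for this report */
    uint8_t value[8];  /* field storage; only `size` bytes are valid */
};

/* Constructed report table: ID 1 carries 2 bytes, ID 2 carries 8 bytes. */
static struct feature_report reports[] = {
    { .id = 1, .size = 2 },
    { .id = 2, .size = 8 },
};

static struct feature_report *find_report(uint8_t id)
{
    for (size_t i = 0; i < sizeof(reports) / sizeof(reports[0]); i++)
        if (reports[i].id == id)
            return &reports[i];
    return NULL;
}

/*
 * Handle a device's answer to a feature request for `requested_id`.
 * resp[0] is the report ID the device claims; the payload follows it.
 * Returns the number of payload bytes stored, or a negative errno value.
 */
int handle_feature_response(uint8_t requested_id, const uint8_t *resp, size_t len)
{
    struct feature_report *r = find_report(requested_id);

    if (!r || !resp || len < 1)
        return -EINVAL;
    /* The answer must be for the ID that was asked for; never let the
     * device-supplied ID decide which report layout gets applied. */
    if (resp[0] != requested_id)
        return -EPROTO;
    /* Bound the copy by the size declared for the requested report. */
    if (len - 1 > r->size)
        return -EMSGSIZE;
    memcpy(r->value, resp + 1, len - 1);
    return (int)(len - 1);
}
```

A response is rejected before any parsing when its leading ID byte differs from the requested ID, so a report with a larger declared size cannot be processed against storage sized for a smaller one.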

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 516da3f25cfe18643835af1cf09b0e9ffc36c383

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 74c6015375d8b9bc1b1eb79f20636c8e894bcad7
