Out-of-Bounds Vulnerability in Linux Kernel Affecting HID Core Functionality
CVE-2026-43048
What is CVE-2026-43048?
A newly identified vulnerability in the Linux kernel affects the HID core and stems from improper handling of data buffers. Specifically, the memset() call in hid_report_raw_event() was intended to zero out invalid data, but it instead introduces a risk of out-of-bounds reads and writes. The recommended fix removes this memset() and adds a check that the incoming event buffer is large enough. This change prevents unintended memory access in subsequent execution threads on affected systems.
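The pattern described above, as a simplified user-space model added here (not kernel code and not taken from the fix commit). The buffer sizes, function names and the 4-byte event are constructed, and the shape of the padding memset() is an assumption based on the description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes: the event buffer holds 8 bytes, the report expects 12. */
#define EVENT_CAP 8
#define NEIGH_LEN 8
#define REPORT_SZ 12

/* "Before" shape (assumed): zero-pad a short event up to the report size. */
static int pad_then_parse(uint8_t *mem, size_t size)
{
    if (size < REPORT_SZ)
        memset(mem + size, 0, REPORT_SZ - size); /* never consults EVENT_CAP */
    return 0;
}

/* "After" shape: no padding; reject events too short to fill the report. */
static int check_then_parse(const uint8_t *mem, size_t size)
{
    (void)mem; /* field extraction would go here, bounded by REPORT_SZ */
    return size < REPORT_SZ ? -EINVAL : 0;
}

/* Handle a 4-byte event; return how many bytes of the neighbour changed. */
int run_case(int use_check, int *rc)
{
    /* One array models adjacent memory so the overrun stays defined here:
     * [0, EVENT_CAP) is the event buffer, the rest is a neighbouring object. */
    uint8_t mem[EVENT_CAP + NEIGH_LEN];
    int clobbered = 0;

    memset(mem, 0xAA, EVENT_CAP);
    memset(mem + EVENT_CAP, 0x5A, NEIGH_LEN);
    *rc = use_check ? check_then_parse(mem, 4) : pad_then_parse(mem, 4);
    for (size_t i = EVENT_CAP; i < sizeof(mem); i++)
        clobbered += (mem[i] != 0x5A);
    return clobbered;
}

int main(void)
{
    int rc, n;
    n = run_case(0, &rc);
    printf("memset padding: %d neighbour bytes changed, rc=%d\n", n, rc);
    n = run_case(1, &rc);
    printf("size check:     %d neighbour bytes changed, rc=%d\n", n, rc);
    return 0;
}
```

In the padding case the handler reports success while silently modifying memory it does not own; in the checked case the short event is rejected and nothing outside the event buffer is touched.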
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8f71034649738fdeb6859b8d6cddf132024fac06
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0a3fe972a7cb1404f693d6f1711f32bc1d244b1c