Out-of-Bounds Read Vulnerability in Wacom Devices from Linux Kernel
CVE-2026-43051
What is CVE-2026-43051?
A vulnerability has been identified in the Linux kernel where the wacom_intuos_bt_irq() function processes Bluetooth HID reports without adequate bounds checking. A maliciously constructed short report can cause an out-of-bounds read when data is copied into the Wacom structure. Specifically, report 0x03 requires a minimum of 22 bytes for safe processing, while report 0x04, which falls through to the 0x03 handling, requires 32 bytes. The issue has been addressed by adding explicit length checks for these report IDs, with a warning logged if a short report is encountered.
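The length checks described above, as an added user-space sketch (not the kernel patch and not code from this page). Only the report IDs and the 22- and 32-byte minimums come from the advisory; `parse_bt_report`, `struct pen_state` and the layout of one ID byte, 10-byte data blocks and a trailing status byte are assumptions chosen to match those minimums.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 10          /* assumed size of one data block */

struct pen_state {            /* hypothetical parsed result */
    uint8_t blocks[3][BLOCK_LEN];
    int nblocks;
    uint8_t status;           /* byte that follows the last block */
};
/* Returns 0 on success, -1 if the report is rejected before any payload read. */
int parse_bt_report(const uint8_t *data, size_t len, struct pen_state *out)
{
    size_t i = 1;             /* payload starts after the report ID */
    memset(out, 0, sizeof(*out));
    if (len == 0)
        return -1;            /* not even a report ID to inspect */
    switch (data[0]) {
    case 0x04:
        if (len < 32) {       /* minimum stated in the advisory */
            fprintf(stderr, "short report 0x04: %zu bytes\n", len);
            return -1;
        }
        memcpy(out->blocks[out->nblocks++], data + i, BLOCK_LEN);
        i += BLOCK_LEN;
        /* fall through */
    case 0x03:
        if (len < i + 2 * BLOCK_LEN + 1) {   /* 22 when entered directly */
            fprintf(stderr, "short report 0x%02x: %zu bytes\n", data[0], len);
            return -1;
        }
        memcpy(out->blocks[out->nblocks++], data + i, BLOCK_LEN);
        i += BLOCK_LEN;
        memcpy(out->blocks[out->nblocks++], data + i, BLOCK_LEN);
        i += BLOCK_LEN;
        out->status = data[i];               /* last byte the handler reads */
        return 0;
    default:
        return -1;            /* report ID not handled here */
    }
}

int main(void)
{
    uint8_t buf[32] = { 0x04 };              /* constructed sample report */
    struct pen_state st;
    printf("0x04 with 31 bytes: %d\n", parse_bt_report(buf, 31, &st));
    printf("0x04 with 32 bytes: %d\n", parse_bt_report(buf, 32, &st));
    return 0;
}
```

The check uses the length actually received from the transport, not the size of the destination buffer, so a short report is rejected before any copy starts.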
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5b5b9730111808410e404ceac2fabd32eef92fbd