Linux Kernel Vulnerability Affecting Playstation HID Devices
CVE-2026-46232

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46232?

An input validation error in the Linux kernel's HID subsystem affects DualShock 4 controllers. Specifically, the device may inaccurately report the number of touch reports, which can lead to out-of-bounds reading in the 'dualshock4_parse_report' function. This flaw allows excessive reading attempts from the touch_reports array, potentially exposing unintended data through evdev when specific conditions are met. The vulnerability has been addressed by clamping the reported value to the maximum allowable limit, ensuring that the array remains within bounds.

Affected Version(s)

Linux 752038248808a7ff176bbdb668f19ae7d2a9816b < 0bc4cf1a6ba00fb8c074531b179bc7b97502fbc4

Linux 752038248808a7ff176bbdb668f19ae7d2a9816b < 9c031b24aed6733b6dcc5d98527875b8654a04e9

Linux 752038248808a7ff176bbdb668f19ae7d2a9816b < 7812694752a5f295eaa05a093b90a2c332666051

References

https://git.kernel.org/stable/c/0bc4cf1a6ba00fb8c074531b1...

https://git.kernel.org/stable/c/9c031b24aed6733b6dcc5d985...

https://git.kernel.org/stable/c/7812694752a5f295eaa05a093...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46232 Data

JSON