TROYANOSYVIRUS
Voltar para CVEs

CVE-2026-43048

HIGH
8.8

Descricao

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However, as we have previously seen, doing so can easily result in OOB reads and writes in the subsequent thread of execution. The current suggestion from one of the HID maintainers is to remove the memset() and simply return if the incoming event buffer size is not large enough to fill the associated report. Suggested-by Benjamin Tissoires <bentiss@kernel.org> [bentiss: changed the return value]

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/1/2026
Ultima modificacao5/3/2026
Fontenvd
Avistamentos honeypot0

Referencias

https://git.kernel.org/stable/c/0a3fe972a7cb1404f693d6f1711f32bc1d244b1c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/8f71034649738fdeb6859b8d6cddf132024fac06(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/bd6e1d0230cca9575f5d118148f51e2a56b5373f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.