CVE-2026-46232

HIGH EPSS 17.0%
Published May 28, 20261mo ago · Modified Jun 17, 20261w ago
8.1 CVSS 3.1
High
Find Similar
Published May 28, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
17.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.2  –  <6.6.140
linuxlinux_kernel*≥6.7  –  <6.12.90
linuxlinux_kernel*≥6.13  –  <6.18.32
linuxlinux_kernel*≥6.19  –  <7.0.9
linuxlinux_kernel7.1any
linuxlinux_kernel7.1any
linuxlinux_kernel7.1any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0bc4cf1a6ba00fb8c074531b179bc7b97502fbc4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/208f6d5b1dfd6399bc6af9e11f27f1f496243ed0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7812694752a5f295eaa05a093b90a2c332666051
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9c031b24aed6733b6dcc5d98527875b8654a04e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cac61b58a3b6340c52afa06bb15eac033158db2f
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0bc4cf1a6ba00fb8c074531b179bc7b97502fbc4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/208f6d5b1dfd6399bc6af9e11f27f1f496243ed0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7812694752a5f295eaa05a093b90a2c332666051
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9c031b24aed6733b6dcc5d98527875b8654a04e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cac61b58a3b6340c52afa06bb15eac033158db2f
    Patch