CVE-2026-43048
Analyzed Analyzed - Analysis Complete
HID Core Memory Corruption in Linux Kernel

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However, as we have previously seen, doing so can easily result in OOB reads and writes in the subsequent thread of execution. The current suggestion from one of the HID maintainers is to remove the memset() and simply return if the incoming event buffer size is not large enough to fill the associated report. Suggested-by Benjamin Tissoires <[email protected]> [bentiss: changed the return value]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43048
EUVD
EUVD-2026-26647
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.15
linux linux_kernel 2.6.15
linux linux_kernel 2.6.15
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 2.6.15.1 (inc) to 6.18.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's HID core, specifically in the function hid_report_raw_event(). The issue arises from a memset() call intended to clear out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer.

However, this memset() can cause out-of-bounds (OOB) reads and writes during subsequent execution because it may access memory beyond the actual buffer size.

The mitigation involves removing this memset() and instead returning early if the incoming event buffer size is not large enough to fill the associated report, preventing OOB memory access.

Impact Analysis

This vulnerability can lead to out-of-bounds memory reads and writes, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges within the Linux kernel environment.

Mitigation Strategies

The vulnerability is mitigated by removing the problematic memset() call in the hid_report_raw_event() function of the Linux kernel. The suggested fix is to simply return if the incoming event buffer size is not large enough to fill the associated report, avoiding out-of-bounds reads and writes.

Therefore, the immediate step to mitigate this vulnerability is to update your Linux kernel to a version where this fix has been applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43048. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart