CVE-2026-46232

CVE Database · CVE-2026-46232

CVE-2026-46232

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

0.26%

Published

May 28, 2026

Modified

Jun 10, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products (7)

linux · linux_kernel (up to 6.6.140)vulnerable

linux · linux_kernel (up to 6.12.90)vulnerable

linux · linux_kernel (up to 6.18.32)vulnerable

linux · linux_kernel (up to 7.0.9)vulnerable

linux · linux_kernelvulnerable

References (5)

https://git.kernel.org/stable/c/0bc4cf1a6ba00fb8c074531b179bc7b97502fbc4

Patch

https://git.kernel.org/stable/c/208f6d5b1dfd6399bc6af9e11f27f1f496243ed0