CVE-2026-43051

medium

Red Hat

CVSS v3 Base Score

7.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 93% most likely to be exploited

Attack Characteristics

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

High

Published: May 1, 2026 (13 days ago)

Last Modified: May 1, 2026

Vendor: Red Hat

Source: REDHAT

Description

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into the wacom structure. Specifically, report 0x03 requires at least 22 bytes to safely read the processed data and battery status, while report 0x04 (which falls through to 0x03) requires 32 bytes. Add explicit length checks for these report IDs and log a warning if a short report is received.

CWE

CWE-125

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 lore.kernel.org

CVE-2026-43051

Vulnerability Report

Description

CWE

Affected Products

References