{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43051", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.980Z", "datePublished": "2026-05-01T14:15:45.314Z", "dateUpdated": "2026-05-01T14:15:45.314Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-01T14:15:45.314Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq\n\nThe wacom_intuos_bt_irq() function processes Bluetooth HID reports\nwithout sufficient bounds checking. A maliciously crafted short report\ncan trigger an out-of-bounds read when copying data into the wacom\nstructure.\n\nSpecifically, report 0x03 requires at least 22 bytes to safely read\nthe processed data and battery status, while report 0x04 (which\nfalls through to 0x03) requires 32 bytes.\n\nAdd explicit length checks for these report IDs and log a warning if\na short report is received."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/wacom_wac.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5b5b9730111808410e404ceac2fabd32eef92fbd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fa8901cb1f0b2113a342db93bd5684b59fe99dcf", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8bd690ac1242332c73cba10dacdad6c6642bbb94", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "41026bcc0fdf82605205c27935ef719cbc07193b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c8dc23c97680eebefde06da5858aaef1b37cf75d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3d78386b144453c47e81bf62dc3601b757f02d99", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2f1763f62909ccb6386ac50350fa0abbf5bb16a9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/wacom_wac.c"], "versions": [{"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.134", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada"}, {"url": "https://git.kernel.org/stable/c/5b5b9730111808410e404ceac2fabd32eef92fbd"}, {"url": "https://git.kernel.org/stable/c/fa8901cb1f0b2113a342db93bd5684b59fe99dcf"}, {"url": "https://git.kernel.org/stable/c/8bd690ac1242332c73cba10dacdad6c6642bbb94"}, {"url": "https://git.kernel.org/stable/c/41026bcc0fdf82605205c27935ef719cbc07193b"}, {"url": "https://git.kernel.org/stable/c/c8dc23c97680eebefde06da5858aaef1b37cf75d"}, {"url": "https://git.kernel.org/stable/c/3d78386b144453c47e81bf62dc3601b757f02d99"}, {"url": "https://git.kernel.org/stable/c/2f1763f62909ccb6386ac50350fa0abbf5bb16a9"}], "title": "HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq\n\nThe wacom_intuos_bt_irq() function processes Bluetooth HID reports\nwithout sufficient bounds checking. A maliciously crafted short report\ncan trigger an out-of-bounds read when copying data into the wacom\nstructure.\n\nSpecifically, report 0x03 requires at least 22 bytes to safely read\nthe processed data and battery status, while report 0x04 (which\nfalls through to 0x03) requires 32 bytes.\n\nAdd explicit length checks for these report IDs and log a warning if\na short report is received."}], "id": "CVE-2026-43051", "lastModified": "2026-05-01T15:24:14.893", "metrics": {}, "published": "2026-05-01T15:16:51.543", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2f1763f62909ccb6386ac50350fa0abbf5bb16a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d78386b144453c47e81bf62dc3601b757f02d99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/41026bcc0fdf82605205c27935ef719cbc07193b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5b5b9730111808410e404ceac2fabd32eef92fbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8bd690ac1242332c73cba10dacdad6c6642bbb94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c8dc23c97680eebefde06da5858aaef1b37cf75d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fa8901cb1f0b2113a342db93bd5684b59fe99dcf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}