Cyber Resilience

CVE-2026-43047

High

Published: 01 May 2026

Published
01 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-43047 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-43047 is a vulnerability in the Linux kernel's HID multitouch subsystem. It arises from a lack of validation in feature report responses from HID devices, such as multitouch input devices. A malicious or faulty device can reply to a specific report request with a mismatched report ID, leading to confusion in the HID core and potential out-of-bounds (OOB) writes.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it requires local access with low privileges and low attack complexity. An attacker with local user privileges could exploit this by connecting a malicious HID multitouch device that sends crafted responses, potentially triggering OOB writes in kernel memory. This could result in high-impact confidentiality, integrity, and availability violations, such as arbitrary code execution or system crashes.

Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, including 2edc92f89eee328b5be5706b5d431bf90669e9c0, 516da3f25cfe18643835af1cf09b0e9ffc36c383, 6a4acd3e86fe5584050c213d95147eba33856033, 74c6015375d8b9bc1b1eb79f20636c8e894bcad7, and 7f66fdbc077faed3b52519228d21d81979e92249. These patches add a check to verify that the report ID in the response matches the requested ID; if mismatched, the raw event is omitted and processing returns early, preventing the side effects.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely…

more

different report ID. This can cause confusion in the HID core resulting in nasty side-effects such as OOB writes. Add a check to ensure that the report ID in the response, matches the one that was requested. If it doesn't, omit reporting the raw event and return early.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1200 Hardware Additions Initial Access
Adversaries may physically introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access.
Why these techniques?

Vulnerability enables local kernel exploitation via malicious HID device connection for privilege escalation (T1068) and is exploited using hardware addition (T1200).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137Same product: Linux Linux Kernel
CVE-2026-31772Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel
CVE-2026-23092Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.3.6, 7.0 · 4.4 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.168

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of HID feature report inputs to ensure report IDs match requests, directly preventing processing of mismatched responses that cause OOB writes in the kernel.

prevent

Mandates timely patching of the Linux kernel flaw to implement report ID validation checks, eliminating the vulnerability exploited by malicious HID devices.

prevent

Implements memory protections such as bounds checking and address space randomization to mitigate out-of-bounds writes resulting from invalid HID report processing.

References