Cyber Resilience

CVE-2026-43048

High

Published: 01 May 2026

Modified: 07 May 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (15.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43048 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-43048 is a vulnerability in the Linux kernel's HID core subsystem, specifically in the hid_report_raw_event() function. The issue stems from a memset() intended to clear bogus data by zeroing the area from the end of the incoming HID report data to the assumed end of the buffer, which can result in out-of-bounds reads and writes in the subsequent thread of execution.

The vulnerability has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating exploitation is feasible by unauthenticated attackers from an adjacent network position with low complexity and no user interaction. Successful exploitation could allow attackers to achieve high impacts on confidentiality, integrity, and availability, potentially leading to kernel-level compromise through malformed HID reports.

Kernel patches addressing the issue are available in stable branches via git.kernel.org commits such as 0a3fe972a7cb1404f693d6f1711f32bc1d244b1c, 8f71034649738fdeb6859b8d6cddf132024fac06, and bd6e1d0230cca9575f5d118148f51e2a56b5373f. The fix removes the problematic memset() and instead returns early if the incoming event buffer size is insufficient to fill the associated report, as suggested by HID maintainer Benjamin Tissoires.
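
A simplified userspace model of the padding pattern and the early-return fix described above, added here as an example; it is not the kernel's hid_report_raw_event() code. The function names, buffer sizes, canary value and the -EINVAL return are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALLOC_SIZE  4   /* bytes the event buffer really holds (constructed) */
#define REPORT_SIZE 8   /* size the report is assumed to have (constructed) */
#define ARENA_SIZE  16  /* event buffer followed by neighbouring memory */
#define CANARY      0xA5

/* Pre-fix pattern: pad a short event up to the assumed report size. */
static int process_legacy(uint8_t *data, size_t csize, size_t rsize)
{
    if (csize < rsize)
        memset(data + csize, 0, rsize - csize); /* trusts rsize, not the allocation */
    return 0;
}

/* Post-fix pattern: a short event is rejected and nothing is written. */
static int process_fixed(uint8_t *data, size_t csize, size_t rsize)
{
    (void)data;
    if (csize < rsize)
        return -EINVAL; /* assumed error code; the page does not state it */
    return 0;
}

/* Run one handler on a short event and count neighbour bytes it changed. */
static size_t clobbered_by(int (*handler)(uint8_t *, size_t, size_t))
{
    uint8_t arena[ARENA_SIZE];
    size_t i, hits = 0;

    memset(arena, CANARY, sizeof(arena)); /* memory behind the event buffer */
    memset(arena, 0x11, ALLOC_SIZE);      /* the bytes that actually arrived */
    handler(arena, ALLOC_SIZE, REPORT_SIZE);
    for (i = ALLOC_SIZE; i < ARENA_SIZE; i++)
        hits += (arena[i] != CANARY);
    return hits;
}

int main(void)
{
    printf("legacy clobbered %zu neighbour bytes\n", clobbered_by(process_legacy));
    printf("fixed  clobbered %zu neighbour bytes\n", clobbered_by(process_fixed));
    return 0;
}
```

The arena keeps every write inside one array, so the model shows the overrun of the 4-byte event buffer without itself invoking undefined behaviour.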

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Mitigate potential OOB by removing bogus memset()

The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However, as we have previously seen, doing so can easily result in OOB reads and writes in the subsequent thread of execution.

The current suggestion from one of the HID maintainers is to remove the memset() and simply return if the incoming event buffer size is not large enough to fill the associated report.

Suggested-by Benjamin Tissoires <bentiss@kernel.org>
[bentiss: changed the return value]

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel memory corruption via out-of-bounds read/write in HID report processing enables exploitation for privilege escalation to achieve kernel-level compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31570 (same product: Linux kernel)
CVE-2026-23099 (same product: Linux kernel)
CVE-2026-23406 (same product: Linux kernel)
CVE-2026-23407 (same product: Linux kernel)
CVE-2026-23288 (same product: Linux kernel)
CVE-2021-47633 (same product: Linux kernel)
CVE-2026-31413 (same product: Linux kernel)
CVE-2022-49503 (same product: Linux kernel)
CVE-2025-71112 (same product: Linux kernel)
CVE-2026-43025 (same product: Linux kernel)

Affected Assets

linux
linux kernel
2.6.15, 7.0 · 2.6.15.1 — 6.18.22 · 6.19 — 6.19.12

Mitigating Controls (NIST 800-53 r5)

prevent

Applying available Linux kernel patches directly remediates the OOB read/write vulnerability in hid_report_raw_event() by removing the problematic memset().

prevent

Validating the size and integrity of incoming HID report buffers before processing prevents the OOB memset operation triggered by insufficient buffer sizes.

prevent

Kernel memory protections such as address space layout randomization and stack canaries mitigate the impact of OOB reads and writes from malformed HID reports.