CVE-2026-43048
Published: 01 May 2026
Summary
CVE-2026-43048 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Applying available Linux kernel patches directly remediates the OOB read/write vulnerability in hid_report_raw_event() by removing the problematic memset().
Validating the size and integrity of incoming HID report buffers before processing prevents the OOB memset operation triggered by insufficient buffer sizes.
Kernel memory protections such as address space layout randomization and stack canaries mitigate the impact of OOB reads and writes from malformed HID reports.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel memory corruption via out-of-bounds read/write in HID report processing enables exploitation for privilege escalation to achieve kernel-level compromise.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However, as we have previously seen, doing so can easily result in OOB reads and writes in the subsequent thread of execution. The current suggestion from one of the HID maintainers is to remove the memset() and simply return if the incoming event buffer size is not large enough to fill the associated report. Suggested-by Benjamin Tissoires <bentiss@kernel.org> [bentiss: changed the return value]
Deeper analysis
CVE-2026-43048 is a vulnerability in the Linux kernel's HID core subsystem, specifically within the hid_report_raw_event() function. The issue stems from a memset() operation intended to zero out data from the end of an incoming HID report buffer to the assumed buffer end, which can result in out-of-bounds reads and writes in the subsequent thread of execution.
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating exploitation is feasible by unauthenticated attackers from an adjacent network position with low complexity and no user interaction. Successful exploitation could allow attackers to achieve high impacts on confidentiality, integrity, and availability, potentially leading to kernel-level compromise through malformed HID reports.
Kernel patches addressing the issue are available in stable branches via git.kernel.org commits such as 0a3fe972a7cb1404f693d6f1711f32bc1d244b1c, 8f71034649738fdeb6859b8d6cddf132024fac06, and bd6e1d0230cca9575f5d118148f51e2a56b5373f. The fix removes the problematic memset() and instead returns early if the incoming event buffer size is insufficient to fill the associated report, as suggested by HID maintainer Benjamin Tissoires.
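The change described above can be illustrated with a simplified userspace model, added here as an example; it is not taken from the kernel source or the patch. The struct, the function names, and the -EINVAL return value are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a HID report: only the length the descriptor implies. */
struct report_model {
    size_t expected_len; /* bytes the report is assumed to occupy */
};

/*
 * Pre-fix pattern: a short event is padded in place with
 *   memset(buf + event_len, 0, expected_len - event_len);
 * which assumes the buffer really is expected_len bytes long.
 * Instead of performing that write, this model returns how many bytes
 * it would touch beyond the real allocation (buf_cap).
 */
size_t legacy_pad_overrun(const struct report_model *r, size_t buf_cap,
                          size_t event_len)
{
    if (event_len >= r->expected_len)
        return 0; /* nothing to pad */
    return r->expected_len > buf_cap ? r->expected_len - buf_cap : 0;
}

/*
 * Post-fix pattern: no padding at all. An event too short to fill the
 * report is rejected before any field is parsed (error code assumed).
 */
int checked_event(const struct report_model *r, const uint8_t *buf,
                  size_t event_len, uint8_t *out)
{
    if (event_len < r->expected_len)
        return -EINVAL;
    memcpy(out, buf, r->expected_len); /* stands in for field parsing */
    return 0;
}

int main(void)
{
    struct report_model r = { .expected_len = 8 };
    uint8_t ev[4] = { 1, 2, 3, 4 }, out[8] = { 0 }; /* constructed sample */

    printf("legacy overrun: %zu bytes\n", legacy_pad_overrun(&r, sizeof ev, 4));
    printf("checked result: %d\n", checked_event(&r, ev, sizeof ev, out));
    return 0;
}
```

The model makes the design choice visible: padding trusts the descriptor's length over the actual allocation, while the length check leaves short input untouched and unparsed.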
Details
- CWE(s)