CVE-2026-46232EPSS p17.2%

CVE-2026-46232CVE-2026-46232

linux / linux_kernel

Description

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

Scoring

CVSS 8.1 ()
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.26% probability of exploitation · percentile 17.2% · 2026-06-19T12:03:05Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-43051
CVE
CVE-2026-31624
CVE
CVE-2026-43048
CVE
CVE-2026-46236
CVE
CVE-2026-46146
CVE
CVE-2026-46056
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.