CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hidreportrawevent Syzbot reported shift-out-of-bounds in hidreportrawevent. microsoft 0003:045E:07DA.0001: hidfieldextract called with n 128 32! swapper/0...

5.5CVSS6.3AI score0.00007EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...

7.1CVSS5.8AI score0.00023EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account f...

5.5CVSS6.5AI score0.00021EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARNON in implement Syzkaller hit a warning 1 in a call to implement when trying to write a value into a field of smaller size in an output report. Since implement already has a warn message printed...

5.5CVSS6.3AI score0.00005EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the...

5.5CVSS6.4AI score0.00016EPSS

RedhatCVE•added 2026/05/01 6:33 p.m.•3 views

CVE-2026-43048

A flaw was found in the Linux kernel's Human Interface Device HID core. An incorrect memset operation within the hidreportrawevent function can lead to out-of-bounds OOB reads and writes. This vulnerability occurs when the incoming event buffer size is insufficient to fill the associated report,...

8.8CVSS5.9AI score0.00021EPSS

NVD•added 2026/05/01 3:16 p.m.•1 views

CVE-2026-43048

8.8CVSS0.00021EPSS

EUVD•added 2026/05/01 2:15 p.m.•2 views

EUVD-2026-26647

5.9AI score0.00021EPSS

CVE•added 2026/05/01 2:15 p.m.•13 views

CVE-2026-43048

The CVE concerns the Linux kernel HID core. The issue arises in hid_report_raw_event() where a memset() intended to clear bogus data can trigger out-of-bounds reads/writes when the incoming event buffer is not large enough for the report. The fix removes the problematic memset() and instead retur...

8.8CVSS5.9AI score0.00021EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/05/01 12:0 a.m.•3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hidreportrawevent function in the HID core that can cause OOB reads and writes when using memset to clea...

8.8CVSS5.8AI score0.00021EPSS

Exploits0References1

Positive Technologies•added 2026/05/01 12:0 a.m.•1 views

PT-2026-36465

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hid report raw event has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of th...

5.9AI score0.00021EPSS

Tenable Nessus•added 2026/04/27 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-31624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID...

5.5CVSS5.8AI score0.00014EPSS

SUSE CVE•added 2026/04/25 1:37 a.m.•2 views

SUSE CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

5.5CVSS5.4AI score0.00014EPSS

RedhatCVE•added 2026/04/24 8:38 p.m.•3 views

CVE-2026-31624

A flaw was found in the Linux kernel's Human Interface Device HID core. A malicious or malformed HID device could provide a specially crafted report descriptor with an overly large reportsize value. This could lead to an undefined shift operation within the s32ton function when processing output...

5.5CVSS5.3AI score0.00014EPSS