HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

...

kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

A flaw exists in the Linux kernel’s HID multitouch driver function mtreportfixup in drivers/hid/hid-multitouch.c. A malicious HID device may supply a report descriptor smaller than 607 bytes; the function then attempts to access and patch byte offset 607 without first verifying the descriptor...

EUVD-2025-29608

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-39806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in repor...

AZL-74700 CVE-2025-39806 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in report descriptor smaller than 607 bytes. mtreportfixup attempts to patch...

DEBIAN-CVE-2025-39806

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in report descriptor smaller than 607 bytes. mtreportfixup attempts to patch...

CVE-2025-39806 HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in report descriptor smaller than 607 bytes. mtreportfixup attempts to patch...