CVE-2026-46232
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to the HID PlayStation device, allowing for reading data beyond the bounds of the touch_reports array. This issue occurs in the dualshock4_parse_report function, where the number of touch reports may be incorrectly reported by the device.
Risk Assessment
This vulnerability could lead to unintended data reads, posing a risk of exposing sensitive information or destabilizing the system. Organizations should be aware of potential threats associated with the use of DS4 devices.
Recommendation
It is recommended to update the Linux kernel to the latest version to benefit from security patches that clamp the num_touch_reports value to the maximum size of the touch_reports array. Additionally, monitoring the use of HID devices in the system may help identify potential threats.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

