PT-2026-44355 · Linux · Linux
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-46232
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
HID: playstation: Clamp num touch reports
A device would never lie about the number of touch reports would it?
If it does the loop in dualshock4 parse report will read off the end of
the touch reports array, up to about 2 KiB for the maximum number of 256
loop iteraions. The data that is read is emitted via evdev if the
DS4 TOUCH POINT INACTIVE bit happens to be set. Protect against this by
clamping the num touch reports value provided by the device to the
maximum size of the touch reports array.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux