-

CVE-2026-23178

EPSS 0.05%
Veröffentlicht 14.02.2026 16:27:10
Zuletzt bearbeitet 18.02.2026 17:52:22
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()

`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data
into `ihid->rawbuf`.

The former can come from the userspace in the hidraw driver and is only
bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set
`max_buffer_size` field of `struct hid_ll_driver` which we do not).

The latter has size determined at runtime by the maximum size of
different report types you could receive on any particular device and
can be a much smaller value.

Fix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.

The impact is low since access to hidraw devices requires root.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < f9c9ad89d845f88a1509e9d672f65d234425fde9

Version 85df713377ddc0482071c3e6b64c37bd1e48f1f1

Status affected

Version < cff3f619fd1cb40cdd89971df9001f075613d219

Version 85df713377ddc0482071c3e6b64c37bd1e48f1f1

Status affected

Version < 786ec171788bdf9dda38789163f1b1fbb47f2d1e

Version 85df713377ddc0482071c3e6b64c37bd1e48f1f1

Status affected

Version < 2124279f1f8c32c1646ce98e75a1a39b23b7db76

Version 85df713377ddc0482071c3e6b64c37bd1e48f1f1

Status affected

Version < 2497ff38c530b1af0df5130ca9f5ab22c5e92f29

Version 85df713377ddc0482071c3e6b64c37bd1e48f1f1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.163

Status unaffected

Version <= 6.6.*

Version 6.6.124

Status unaffected

Version <= 6.12.*

Version 6.12.70

Status unaffected

Version <= 6.18.*

Version 6.18.10

Status unaffected

Version <= *

Version 6.19

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.136

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f9c9ad89d845f88a1509e9d672f65d234425fde9

https://git.kernel.org/stable/c/cff3f619fd1cb40cdd89971df9001f075613d219

https://git.kernel.org/stable/c/786ec171788bdf9dda38789163f1b1fbb47f2d1e

https://git.kernel.org/stable/c/2124279f1f8c32c1646ce98e75a1a39b23b7db76

https://git.kernel.org/stable/c/2497ff38c530b1af0df5130ca9f5ab22c5e92f29

https://nvd.nist.gov/vuln/detail/CVE-2026-23178

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23178

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23178

EUVD