VDB
DEBIAN-CVE-2026-23178
DEBIAN-CVE-2026-23178
PUBLISHED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`. The former can come from the userspace in the hidraw driver and is only bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set `max_buffer_size` field of `struct hid_ll_driver` which we do not). The latter has size determined at runtime by the maximum size of different report types you could receive on any particular device and can be a much smaller value. Fix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`. The impact is low since access to hidraw devices requires root.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 6.12.41-1, 6.12.41-1, 6.12.43-1 |
| Debian:11 | linux-6.1 | 6.1.162-1, 6.1.159-1, 6.1.158-1 |
| Debian:12 | linux | 6.1.66-1, 6.1.67-1, 6.1.69-1 |
| Debian:13 | linux | 6.12.41-1, 6.12.73-1, 6.12.69-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Feb 14, 2026 CVE Published
- Apr 28, 2026 CVE Updated