CVE-2025-39806 — Out-of-bounds Read in Linux
Severity
7.1HIGHNVD
EPSS
0.0%
top 95.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 16
Latest updateApr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
A malicious HID device can trigger a slab out-of-bounds during
mt_report_fixup() by passing in report descriptor smaller than
607 bytes. mt_report_fixup() attempts to patch byte offset 607
of the descriptor with 0x25 by first checking if byte offset
607 is 0x15 however it lacks bounds checks to verify if the
descriptor is big enough before conducting this chec…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2
Affected Packages3 packages
▶CVEListV5linux/linux7d91a0b2151a9c3b61d44c85c8eba930eddd1dd0 — 4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d+7
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-39806: In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HI↗2025-09-16
GHSA▶
GHSA-r5jq-cwp5-xxhf: In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
A malicious↗2025-09-16