Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:HID: multitouch: Check to ensure report responses match the request
It is possible for a malicious (or clumsy) device to respond to a
specific report's feature request using a completely different report
ID. This can cause confusion in the HID core resulting in nasty
side-effects such as OOB writes.
Add a check to ensure that the report ID in the response, matches the
one that was requested. If it doesn't, omit reporting the raw event and
return early.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1264073 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue May 5 15:30:32 2026CVE page last modified: Fri May 8 12:08:59 2026