In the Linux kernel, the following vulnerability has been resolved:
HID: playstation: Clamp numtouchreports
A device would never lie about the number of touch reports would it?
If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4TOUCHPOINTINACTIVE bit happens to be set. Protect against this by clamping the numtouchreports value provided by the device to the maximum size of the touch_reports array.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46232.json",
"cna_assigner": "Linux"
}