{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23196", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.985Z", "datePublished": "2026-02-14T16:27:22.264Z", "dateUpdated": "2026-05-11T22:02:10.967Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:02:10.967Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer\n\nAdd DMA buffer readiness check before reading DMA buffer to avoid\nunexpected NULL pointer accessing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/intel-thc-hid/intel-thc/intel-thc-dma.c"], "versions": [{"version": "4138f21115aec3ebae7805ec3407c72d93558023", "lessThan": "1e84a807c98a71f767fd1f609637bc5944f916cb", "status": "affected", "versionType": "git"}, {"version": "4138f21115aec3ebae7805ec3407c72d93558023", "lessThan": "a9a917998d172ec117f9e9de1919174153c0ace4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/intel-thc-hid/intel-thc/intel-thc-dma.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1e84a807c98a71f767fd1f609637bc5944f916cb"}, {"url": "https://git.kernel.org/stable/c/a9a917998d172ec117f9e9de1919174153c0ace4"}], "title": "HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A68C73F-9B63-4EBC-9C52-F9679DAE3D65", "versionEndExcluding": "6.18.10", "versionStartIncluding": "6.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer\n\nAdd DMA buffer readiness check before reading DMA buffer to avoid\nunexpected NULL pointer accessing."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nHID: Intel-thc-hid: Intel-thc: A\u00f1adir comprobaci\u00f3n de seguridad para la lectura del b\u00fafer DMA\n\nA\u00f1adir comprobaci\u00f3n de disponibilidad del b\u00fafer DMA antes de leer el b\u00fafer DMA para evitar el acceso inesperado a punteros NULL."}], "id": "CVE-2026-23196", "lastModified": "2026-03-19T17:45:26.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T17:15:57.440", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e84a807c98a71f767fd1f609637bc5944f916cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9a917998d172ec117f9e9de1919174153c0ace4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer", "id": "2439907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439907"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer\nAdd DMA buffer readiness check before reading DMA buffer to avoid\nunexpected NULL pointer accessing."], "name": "CVE-2026-23196", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23196\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23196\nhttps://lore.kernel.org/linux-cve-announce/2026021435-CVE-2026-23196-2812@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1e84a807c98a71f767fd1f609637bc5944f916cb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a9a917998d172ec117f9e9de1919174153c0ace4)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:13:22.692125+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel release that includes the update (e.g., Linux kernel 6.19.5 or newer).", "Until the kernel can be updated, disable or restrict the Intel\u2011thc HID device, for example by blacklisting the module or configuring udev rules to prevent the device from loading.", "Enable kernel crash dumping and monitor dmesg or system logs for null\u2011pointer dereference errors to detect any attempts to trigger the bug."], "summary": {"action": "Patch Kernel", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is the Linux kernel. Specifically, release candidate versions 6.19.rc1 through 6.19.rc4 on all Linux platforms are impacted, as identified by the CVE advisory. No other vendors or products are listed.", "description_and_impact": "A null pointer dereference occurs in the Intel-thc HID driver when the code reads a DMA buffer that may not be ready. The vulnerability allows a kernel crash, which can lead to a system reboot or denial of service. The weakness is a classic null pointer dereference (CWE\u2011476). The likely attack vector is a specially crafted HID device that can trigger the driver to read an uninitialized buffer, but the description itself does not specify the exploitation method, so this inference is based on typical HID driver behavior.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents are known. Practical exploitation would likely require proximity or physical access to the vulnerable device, making it most relevant to environments that allow untrusted HID devices. Updating to a patched kernel mitigates the risk effectively."}}}}, "created": "2026-02-16T09:43:37.547438+00:00", "updated": "2026-04-18T12:15:15.788142+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}