An out-of-bounds memory access vulnerability in the Linux kernel's PlayStation HID driver could lead to system crashes or information disclosure.

The vulnerability exists in dualshock4_parse_report, which fails to properly clamp the num_touch_reports value. An attacker can provide a malformed device report that triggers an out-of-bounds read of the touch_reports array.

The CVSS score of 8.1 (High) reflects the danger of out-of-bounds memory access. While primarily affecting systems using specific HID hardware, the impact includes potential system instability or the leakage of kernel memory contents, which could be used to bypass security features like KASLR.

Immediate Action: Update the Linux kernel to the version containing the fix for the PlayStation HID driver.

Proactive Monitoring: Monitor system logs for driver-related errors or kernel panics related to HID device input.

Compensating Controls: Restrict physical access to USB ports and prevent the connection of unauthorized HID devices on critical systems.

Public Exploit Available: false

Although the impact is localized to HID drivers, kernel-level memory corruption is a serious issue. Administrators should ensure kernel updates are applied to all affected Linux distributions.