CVE-2026-43136

MEDIUM

HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (34)
linux/Kernel 5.11.0 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 5.2.0 - 5.10.252linux
linux/Kernel 6.13.0 - 6.18.16linux
linux/Kernel 6.19.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 5.2
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1547d41f9f19d691c2c9ce4c29f746297baef9e9
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1acb28123e57b50d737377f400f57eec889fe5e4
... and 24 more
Published May 06, 2026
Tracked Since May 06, 2026