CVE-2026-43136
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
Do not crash when a report has no fields.
Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing bounds check in the Linux kernel's HID-Logitech HID++ driver can cause a crash when a malicious USB device sends a report descriptor with no fields.
Vulnerability
CVE-2026-43136 is a denial-of-service vulnerability in the Linux kernel's HID-Logitech HID++ driver. The function hidpp_get_report_length() fails to check whether a HID report has any fields before accessing them. When a fake USB gadget sends a crafted HID report descriptor that defines a report structure with no valid fields, the kernel attempts to dereference a null or invalid pointer, leading to a crash.
Exploitation
An attacker with physical USB access or the ability to emulate a USB device can exploit this vulnerability. By connecting a malicious USB gadget that presents a specially crafted HID report descriptor lacking any fields, the attacker triggers the missing maxfield check in the driver. No authentication or special privileges are required beyond the ability to connect a USB device.
Impact
Successful exploitation results in a kernel crash (denial of service). The vulnerability does not appear to allow arbitrary code execution or privilege escalation; the primary impact is system instability and potential data loss from an unexpected reboot or panic.
Mitigation
The fix has been applied in the Linux kernel stable tree via commits [1], [2], [3], and [4]. Users should update to a kernel version containing the patch. No workaround is available other than applying the update or restricting physical USB access to trusted devices.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/1547d41f9f19d691c2c9ce4c29f746297baef9e9nvdPatch
- git.kernel.org/stable/c/1acb28123e57b50d737377f400f57eec889fe5e4nvdPatch
- git.kernel.org/stable/c/2dc023dbc11b8dfa8afa63242762acd8cddcad03nvdPatch
- git.kernel.org/stable/c/7f59999fcd699af06ad2aef446a635ea6aa87db3nvdPatch
- git.kernel.org/stable/c/ae81fac9ce81917817d787e6b74e68482d99bdf2nvdPatch
- git.kernel.org/stable/c/b74bf7d0d01fa9b53653f58c29aa00772121f6e9nvdPatch
- git.kernel.org/stable/c/f1ceaaf93ea32d0f2b95c95f784ee155962c52adnvdPatch
- git.kernel.org/stable/c/fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dcnvdPatch
News mentions
0No linked articles in our index yet.