The vulnerability occurs when a HID report defined by a Logitech HID++ device contains no valid fields. In the kernel's hidpp_get_report_length() function the maximum number of fields (maxfield) is not verified against the actual descriptor data. Processing such a report causes the kernel to dereference uninitialized data, leading to a crash. An attacker who can supply a crafted HID report—a malicious USB gadget or an untrusted HID device—can exploit this flaw to trigger a kernel panic, resulting in a denial‑of‑service condition for the affected system.

The flaw resides in the Linux kernel's logitech‑hidpp driver. Any Linux installation that uses a kernel version with this unpatched driver is vulnerable. Because the vendor/product list includes only "Linux:Linux", the impact spans all distributions that ship the affected kernel release, regardless of vendor.

The vulnerability has no publicly available exploit scripts, and the EPSS score is unavailable, but the nature of the flaw—an arbitrary crash caused by an untrusted USB device—indicates a high potential for abuse. The kernel crash is a local denial‑of‑service that disrupts system availability. The attack path requires physical or remote access to the USB bus; a malicious gadget can be connected to a target system’s USB port and send a HID report with an empty descriptor. Because the flaw factors are independent of user privileges, any local user with the ability to connect a USB device could trigger it.