CVE-2026-43136 - Vulnerability Details

- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

Do not crash when a report has no fields.

Fake USB gadgets can send their own HID report descriptors and can define report
structures without valid fields. This can be used to crash the kernel over USB.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs when a HID report defined by a Logitech HID++ device contains no valid fields. In the kernel's hidpp_get_report_length() function the maximum number of fields (maxfield) is not verified against the actual descriptor data, so processing such a report dereferences uninitialized data and causes a kernel crash. Based on the description, it is inferred that an attacker who can supply a specially crafted HID report—for example, by connecting a malicious USB gadget—can trigger this crash, resulting in a denial-of-service condition for the affected system.

Affected Systems

The flaw resides in the Linux kernel's logitech-hidpp driver. Any Linux installation that uses a kernel version with this unpatched driver is vulnerable. Because the vendor/product list includes only "Linux:Linux", the impact spans all distributions that ship the affected kernel release, regardless of vendor.

Risk and Exploitability

The vulnerability has an EPSS score of less than 1%, indicating a very low probability of exploitation. Based on the description, it is inferred that the attack vector involves a malicious USB gadget or any untrusted HID device connected to the target system, delivering a specially crafted HID report with an empty descriptor. The CVSS score of 5.5 classifies the flaw as medium severity. The crash results in a local denial-of-service by bringing the kernel down, which disrupts system availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< ae81fac9ce81917817d787e6b74e68482d99bdf2
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< 2dc023dbc11b8dfa8afa63242762acd8cddcad03
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< 7f59999fcd699af06ad2aef446a635ea6aa87db3
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< b74bf7d0d01fa9b53653f58c29aa00772121f6e9
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< f1ceaaf93ea32d0f2b95c95f784ee155962c52ad
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< 1acb28123e57b50d737377f400f57eec889fe5e4
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc
`fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435`	affected	< 1547d41f9f19d691c2c9ce4c29f746297baef9e9

Linux

affected

Version	Status	Constraints
`5.2`	affected	—
`0`	unaffected	< 5.2
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ae81fac9ce81917817d787e6b74e68482d99bdf2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2dc023dbc11b8dfa8afa63242762acd8cddcad03)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7f59999fcd699af06ad2aef446a635ea6aa87db3)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b74bf7d0d01fa9b53653f58c29aa00772121f6e9)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f1ceaaf93ea32d0f2b95c95f784ee155962c52ad)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1acb28123e57b50d737377f400f57eec889fe5e4)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1547d41f9f19d691c2c9ce4c29f746297baef9e9)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update to the latest Linux kernel version that contains the logitech-hidpp fix.
If a kernel update is not immediately possible, disable or unload the logitech-hidpp driver to prevent processing of Logitech HID++ devices.
Limit USB device access by accepting only trusted devices, or temporarily disconnect untrusted USB peripherals until the kernel is patched.

Generated by OpenCVE AI on May 13, 2026 at 01:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1547d41f9f19d691c2c9ce4c29f746297baef9e9
https://git.kernel.org/stable/c/1acb28123e57b50d737377f400f57eec889fe5e4
https://git.kernel.org/stable/c/2dc023dbc11b8dfa8afa63242762acd8cddcad03
https://git.kernel.org/stable/c/7f59999fcd699af06ad2aef446a635ea6aa87db3
https://git.kernel.org/stable/c/ae81fac9ce81917817d787e6b74e68482d99bdf2
https://git.kernel.org/stable/c/b74bf7d0d01fa9b53653f58c29aa00772121f6e9
https://git.kernel.org/stable/c/f1ceaaf93ea32d0f2b95c95f784ee155962c52ad
https://git.kernel.org/stable/c/fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc
https://lore.kernel.org/linux-cve-announce/2026050623-CVE-2026-43136-99fb@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43136
https://www.cve.org/CVERecord?id=CVE-2026-43136

History

Wed, 13 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Tue, 12 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-166
References		https://lore.kernel.org/linux-cve-announce/2026050623-CVE-2026-43136-99fb@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43136 https://www.cve.org/CVERecord?id=CVE-2026-43136
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.
Title		HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1547d41f9f19d691c2c9ce4c29f746297baef9e9 https://git.kernel.org/stable/c/1acb28123e57b50d737377f400f57eec889fe5e4 https://git.kernel.org/stable/c/2dc023dbc11b8dfa8afa63242762acd8cddcad03 https://git.kernel.org/stable/c/7f59999fcd699af06ad2aef446a635ea6aa87db3 https://git.kernel.org/stable/c/ae81fac9ce81917817d787e6b74e68482d99bdf2 https://git.kernel.org/stable/c/b74bf7d0d01fa9b53653f58c29aa00772121f6e9 https://git.kernel.org/stable/c/f1ceaaf93ea32d0f2b95c95f784ee155962c52ad https://git.kernel.org/stable/c/fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:22.892Z

Updated: 2026-05-11T22:18:27.298Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43136

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:30.880

Modified: 2026-05-12T21:14:20.437

Link: CVE-2026-43136

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43136 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T02:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object