Description
In the Linux kernel, the following vulnerability has been resolved:

HID: hid-pl: handle probe errors

Errors in init must be reported back or we'll
follow a NULL pointer the first time FF is used.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel HID plug‑and‑play module fails to report probe errors correctly, resulting in a NULL pointer dereference when force‑feedback (FF) functionality is first used. This bug can cause the system to crash or panic, interrupting all services and potentially requiring a reboot. The vulnerability affects confidentiality and integrity only indirectly, as the crash does not provide direct data disclosure or code execution.

Affected Systems

Vulnerable systems are Linux kernels that include the HID‑PL subsystem before the fix. The exact affected releases are not listed, but any kernel version not containing the commit that resolves the probe error is at risk. Administrators should review the release notes of upcoming kernel versions for the addressed change.

Risk and Exploitability

Based on the description, the likely attack vector is inferred to be a user or attacker who can use force‑feedback capabilities on a connected HID device, such as a game controller or joystick. Triggering a force‑feedback action would then cause the kernel to follow a NULL pointer on first use, leading to a crash. The lack of a KEV or EPSS entry indicates that public exploitation has not been observed, but a local or device‑based denial of service remains possible. The potential for a kernel panic suggests high impact if the flaw is triggered. Exploitability depends on the attacker's ability to interact with a HID device that exercises force‑feedback.

Generated by OpenCVE AI on May 6, 2026 at 17:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a release that includes the HID plug‑and‑play probe error fix (commit 04e50f45b5175bb90a06f5003113cb4ed6ba44c2 or later).
  • Reboot the system to load the updated kernel and ensure the new module is active.
  • Verify that no probe errors occur when force‑feedback is accessed on connected HID devices and monitor system logs for related panic messages.



Advisories

No advisories yet.

History

Wed, 06 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | (none) | CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | (none) | In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used.
Title | (none) | HID: hid-pl: handle probe errors
First Time appeared | (none) | Linux; Linux linux Kernel
CPEs | (none) | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | (none) | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:33.736Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43152

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:32.943

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43152

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:15:08Z
