← Back

CVE-2026-43140

nvd nist
Published: May 6, 2026Modified: May 13, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device.

Affected (7)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 2.6.37 to 5.10.252
Linux Kernel
From 5.11 to 5.15.202
Linux Kernel
From 5.16 to 6.1.165
Linux Kernel
From 6.13 to 6.18.16
Linux Kernel
From 6.19 to 6.19.6
Linux Kernel
From 6.2 to 6.6.128
Linux Kernel
From 6.7 to 6.12.75

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.