Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-06T00:00:00 kernel: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-166

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.

A flaw was found in the Linux kernel's Human Interface Device (HID) subsystem, specifically within the logitech-hidpp driver. A remote attacker, by connecting a specially crafted Universal Serial Bus (USB) device, could send malformed HID report descriptors that lack valid fields. This could lead to a kernel crash, resulting in a Denial of Service (DoS) for the affected system.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43136 https://nvd.nist.gov/vuln/detail/CVE-2026-43136 https://lore.kernel.org/linux-cve-announce/2026050623-CVE-2026-43136-99fb@gregkh/T