CVE-2026-43140

MEDIUM EPSS 2.8%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥2.6.37  –  <5.10.252
linuxlinux_kernel*≥5.11  –  <5.15.202
linuxlinux_kernel*≥5.16  –  <6.1.165
linuxlinux_kernel*≥6.2  –  <6.6.128
linuxlinux_kernel*≥6.7  –  <6.12.75
linuxlinux_kernel*≥6.13  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6

References 8

  • git.kernel.org https://git.kernel.org/stable/c/165912d4321c692321c02793068d30700b4e0f1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17abd396548035fbd6179ee1a431bd75d49676a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/243e1165eb03aca97d87aafa9c3130593837a1c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36c83c1329dd881f290f7df2feadfb9a21775108
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bbe266272d86c0657e8253600f3d5b74fb7b2ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/922bd3e498a4b8e445def6e6ffea2ad3682ad516
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db5ba06e7af9325519a03e52fccf4a9e7c1fd9b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6a3860241fbb556fd72332fa31c5e787004413b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/165912d4321c692321c02793068d30700b4e0f1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17abd396548035fbd6179ee1a431bd75d49676a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/243e1165eb03aca97d87aafa9c3130593837a1c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36c83c1329dd881f290f7df2feadfb9a21775108
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bbe266272d86c0657e8253600f3d5b74fb7b2ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/922bd3e498a4b8e445def6e6ffea2ad3682ad516
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db5ba06e7af9325519a03e52fccf4a9e7c1fd9b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6a3860241fbb556fd72332fa31c5e787004413b
    Patch