CVE-2026-43136 PUBLISHED

HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()

Do not crash when a report has no fields.

Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ae81fac9ce81917817d787e6b74e68482d99bdf2 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 2dc023dbc11b8dfa8afa63242762acd8cddcad03 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 7f59999fcd699af06ad2aef446a635ea6aa87db3 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to b74bf7d0d01fa9b53653f58c29aa00772121f6e9 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f1ceaaf93ea32d0f2b95c95f784ee155962c52ad (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 1acb28123e57b50d737377f400f57eec889fe5e4 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 1547d41f9f19d691c2c9ce4c29f746297baef9e9 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 5.10.252 to 5.10.* (incl.)
  • unaffected from 5.15.202 to 5.15.* (incl.)
  • unaffected from 6.1.165 to 6.1.* (incl.)
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References