CVE-2026-43111

Source
https://cve.org/CVERecord?id=CVE-2026-43111
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43111.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43111
Downstream
Related
Published
2026-05-06T07:40:37.916Z
Modified
2026-07-11T03:54:02.289899449Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
HID: roccat: fix use-after-free in roccat_report_event
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: roccat: fix use-after-free in roccatreportevent

roccatreportevent() iterates over the device->readers list without holding the readerslock. This allows a concurrent roccatrelease() to remove and free a reader while it's still being accessed, leading to a use-after-free.

Protect the readers list traversal with the readers_lock mutex.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43111.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
206f5f2fcb5ff5bb0c60f9e9189937f3ca03e378
Fixed
20dca865460f7943cf70afca274b60dac371f546
Fixed
441689e3103694caa3e2d62b7d57c7bccefa5e37
Fixed
181ea51ab0f6370842c5b49cfb86824253a1189e
Fixed
e6a445513fbc6a0329d2d5ff375b6725750ec5a6
Fixed
e16a6d11bd77b81632165f02cf0d5946df74b3b7
Fixed
36bb2d0b915014bbdc5044982b31b57b78045b93
Fixed
bca0b595e15450dd66b1153c76c4ef1087ee011b
Fixed
d802d848308b35220f21a8025352f0c0aba15c12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43111.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.35
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.136
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.83
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.24
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.14

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43111.json"