CVE-2026-43136

Source
https://cve.org/CVERecord?id=CVE-2026-43136
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43136.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43136
Downstream
Published
2026-05-06T11:27:22.892Z
Modified
2026-06-18T03:56:02.574083355Z
Summary
HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Check maxfield in hidppgetreport_length()

Do not crash when a report has no fields.

Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be used to crash the kernel over USB.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43136.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fe3ee1ec007bf7b10d7c02814d4b8fbe7d9bb435
Fixed
ae81fac9ce81917817d787e6b74e68482d99bdf2
Fixed
2dc023dbc11b8dfa8afa63242762acd8cddcad03
Fixed
7f59999fcd699af06ad2aef446a635ea6aa87db3
Fixed
b74bf7d0d01fa9b53653f58c29aa00772121f6e9
Fixed
f1ceaaf93ea32d0f2b95c95f784ee155962c52ad
Fixed
1acb28123e57b50d737377f400f57eec889fe5e4
Fixed
fb1725c0804dbec9dd01c4cb5c9f1f77a69e36dc
Fixed
1547d41f9f19d691c2c9ce4c29f746297baef9e9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43136.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43136.json"