In the Linux kernel, the following vulnerability has been resolved:
HID: prodikeys: Check presence of pm->input_ep82
Fake USB devices can send their own report descriptors for which the inputmapping() hook does not get called. In this case, pm->inputep82 stays NULL, which leads to a crash later.
This does not happen with the real device, but can be provoked by imposing as one.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43251.json"
}