CVE-2026-43140
Published: May 6, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 64eb105d7f92fa48798106ac0d8bf17668eb2524 - < db5ba06e7af9325519a03e52fccf4a9e7c1fd9b2affected 64eb105d7f92fa48798106ac0d8bf17668eb2524 - < 165912d4321c692321c02793068d30700b4e0f1aaffected 64eb105d7f92fa48798106ac0d8bf17668eb2524 - < f6a3860241fbb556fd72332fa31c5e787004413baffected 64eb105d7f92fa48798106ac0d8bf17668eb2524 - < 243e1165eb03aca97d87aafa9c3130593837a1c2affected 64eb105d7f92fa48798106ac0d8bf17668eb2524 - < 922bd3e498a4b8e445def6e6ffea2ad3682ad516+3 more versions |
Linux | Linux | affected 2.6.37unaffected 0 - < 2.6.37unaffected 5.10.252 - <= 5.10.*unaffected 5.15.202 - <= 5.15.*unaffected 6.1.165 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now