Skip to main content

Linux Kernel CVE-2026-43140

| EUVDEUVD-2026-27703 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-06 Linux GHSA-q3vc-67q5-pp3g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:55 vuln.today
CVSS changed
May 13, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: magicmouse: Do not crash on missing msc->input

Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time.

Detect this condition in the input_configured() hook and reject the device.

This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device.

AnalysisAI

NULL pointer dereference in the Linux kernel's HID magicmouse driver allows a local attacker with low privileges to crash the kernel by connecting a crafted USB device that impersonates an Apple Magic Mouse. When a fake USB device provides a custom report descriptor, the input_mapping() hook is never called, leaving msc->input as NULL; subsequent access in input_configured() causes a kernel panic and complete availability loss. No public exploit exists and EPSS is negligible at 0.02% (7th percentile), but the impact is a full system denial of service when exploitation conditions are met.

Technical ContextAI

The vulnerability resides in the hid-magicmouse kernel module (drivers/hid/hid-magicmouse.c), which handles Apple Magic Mouse USB HID devices. The driver relies on the input_mapping() hook to initialize the msc->input pointer before input_configured() is invoked. When a USB device presents the Apple Magic Mouse vendor/product ID but supplies crafted report descriptors that bypass the input_mapping() callback, msc->input is never populated and remains NULL. CWE-476 (NULL Pointer Dereference) describes this root cause: the absence of a NULL guard before dereferencing msc->input in input_configured() results in a kernel panic. The fix adds detection of this condition - a NULL msc->input - in input_configured() and rejects the device at that point. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. This class of issue is reachable from userspace via USB gadget frameworks or physical USB ports.

RemediationAI

Upgrade to a patched kernel version: 5.10.252 or later for the 5.10 LTS branch, 5.15.202 or later for the 5.15 LTS branch, 6.1.165 or later for the 6.1 LTS branch, 6.6.128 or later for the 6.6 LTS branch, 6.12.75 or later for the 6.12 branch, 6.18.16 or later for the 6.18 branch, 6.19.6 or later for the 6.19 branch, or kernel 7.0 and above. Upstream patches are available at https://git.kernel.org/stable/c/db5ba06e7af9325519a03e52fccf4a9e7c1fd9b2 and related stable commits. As a compensating control where patching is not immediately feasible, blacklisting the hid-magicmouse module via a modprobe.d configuration (e.g., 'blacklist hid-magicmouse' in /etc/modprobe.d/) will prevent the vulnerable code from loading, with the trade-off of disabling all legitimate Apple Magic Mouse functionality. Additionally, enforcing USB device authorization policies (e.g., via usbguard) to whitelist only known-good USB devices will reduce the attack surface without impacting other functionality. Red Hat and SUSE customers should apply distribution-specific kernel updates as they become available.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43140 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy