Skip to main content

Linux Kernel HID CVE-2026-43152

| EUVDEUVD-2026-27713 MEDIUM
2026-05-06 Linux GHSA-9988-cq64-6qpm
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:16 vuln.today
CVSS changed
May 13, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: hid-pl: handle probe errors

Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used.

AnalysisAI

NULL pointer dereference in the Linux kernel's hid-pl driver (Pantherlord/GreenAsia USB game controllers) allows a local low-privileged user to crash the kernel by triggering force feedback on an improperly initialized device. The root cause is unhandled probe errors during driver initialization that leave NULL pointers in place of valid data structures, which are later dereferenced when force feedback is first invoked. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.02% at the 7th percentile reflects negligible real-world exploitation probability.

Technical ContextAI

The hid-pl kernel module manages force feedback for Pantherlord/GreenAsia-based USB HID game controllers, a driver lineage traceable to Linux 2.6.21 (introducing commit 20eb12790670985c8e30821218993bd260387b89). During probe, if initialization fails, the error code is not propagated back to the caller; instead, the function returns silently, leaving a NULL pointer where an initialized force feedback data structure is expected. When the force feedback subsystem later dereferences this NULL pointer on first use, it triggers a kernel oops or panic. This maps to CWE-476 (NULL Pointer Dereference), a classic initialization-path error in kernel driver code. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* confirms broad Linux kernel applicability across all architectures where this driver is compiled in.

RemediationAI

Update to a patched kernel version: 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0. The individual upstream fix commits are available at https://git.kernel.org/stable/c/78df3de826668fe842c6061a91bc1ed68f493e80, https://git.kernel.org/stable/c/926e6715b48b575ed7754bf163a67686bb2eb111, and the other six referenced kernel.org commits. For Red Hat and SUSE deployments, monitor vendor security portals for distribution-packaged kernel updates. As a compensating control where patching is not immediately possible, restrict unauthorized USB device attachment via udev authorization rules (echo 0 > /sys/bus/usb/devices/usbX/authorized disables specific ports) or deploy a USB device allowlist policy - this prevents the vulnerable hid-pl module from probing unrecognized HID devices. Alternatively, blacklisting the hid-pl module (echo 'blacklist hid-pl' >> /etc/modprobe.d/hid-pl-blacklist.conf) eliminates the attack surface entirely, at the cost of losing force feedback support for Pantherlord/GreenAsia controllers.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43152 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy