CVE-2026-43140
Awaiting Analysis Awaiting Analysis - Queue
HID Input Null Pointer Dereference in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a later time. Detect this condition in the input_configured() hook and reject the device. This is not supposed to happen with actual magic mouse devices, but can be provoked by imposing as a magic mouse USB device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43140
EUVD
EUVD-2026-27703
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc)
linux_kernel magicmouse *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of HID magicmouse devices. Fake USB devices can send their own report descriptors that bypass the usual input_mapping() hook. As a result, a pointer (msc->input) remains NULL, which later causes the system to crash.

The issue arises because the system does not detect this condition early enough. The fix involves detecting this condition in the input_configured() hook and rejecting the device to prevent the crash.

This vulnerability is not expected to occur with genuine magic mouse devices but can be triggered by pretending to be a magic mouse USB device.

Impact Analysis

This vulnerability can cause the Linux kernel to crash when it encounters a specially crafted fake USB device masquerading as a magic mouse. Such a crash can lead to denial of service, disrupting normal system operation.

Detection Guidance

This vulnerability involves fake USB devices sending their own report descriptors that cause the Linux kernel to crash due to a missing msc->input pointer.

Detection would involve monitoring for unusual USB devices that identify as a magic mouse but do not trigger the input_mapping() hook, leading to a NULL msc->input pointer.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The vulnerability has been resolved by detecting the problematic condition in the input_configured() hook and rejecting the device.

Immediate mitigation steps would include updating the Linux kernel to a version that includes this fix.

No other specific mitigation steps or workarounds are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart