Linux Kernel HID Prodikeys Crash via Fake USB Descriptor (CVE-2026-43251)
CVE-2026-43251 Published on May 6, 2026
HID: prodikeys: Check presence of pm->input_ep82
In the Linux kernel, the following vulnerability has been resolved:
HID: prodikeys: Check presence of pm->input_ep82
Fake USB devices can send their own report descriptors for which the
input_mapping() hook does not get called. In this case, pm->input_ep82 stays
NULL, which leads to a crash later.
This does not happen with the real device, but can be provoked by imposing as
one.
Products Associated with CVE-2026-43251
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below f580c79683356632f12f2c2029f2fe936d953aa1 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below ee572578f09f0e743e9383393a75c3a7a0f9b4c2 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below edccbf7d6dc05d692bde3a89de5a4001f72a0fa4 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below 3f1b21cc67a15d7d081378a9b8747dd000a017b8 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below e7ac1cd823cd2e9fcbd5cb0b261d6d35dbb79341 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below d5512ce892f774d37c53082adadfcad04f21b50e is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below d08f35f843881ec504d7537a9bb728a073db3366 is affected.
- Version 3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 and below cee8337e1bad168136aecfe6416ecd7d3aa7529a is affected.
- Version 2.6.35 is affected.
- Before 2.6.35 is unaffected.
- Version 5.10.252, <= 5.10.* is unaffected.
- Version 5.15.202, <= 5.15.* is unaffected.
- Version 6.1.165, <= 6.1.* is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.