NULL pointer dereference in Linux kernel - CVE-2026-43152
Published: May 7, 2026
Vulnerability identifier: #VU130594
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43152
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the hid-pl driver when using force feedback after a failed device probe. A local user can trigger force feedback on a device in this state to cause a denial of service.
How to mitigate CVE-2026-43152
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/04e50f45b5175bb90a06f5003113cb4ed6ba44c2
- https://git.kernel.org/stable/c/1d46d07458dba369daf61fb643d40a62c8423d8e
- https://git.kernel.org/stable/c/3756a272d2cf356d2203da8474d173257f5f8521
- https://git.kernel.org/stable/c/449004434e1f55be85604b2645f2d07c4a92fe53
- https://git.kernel.org/stable/c/78df3de826668fe842c6061a91bc1ed68f493e80
- https://git.kernel.org/stable/c/7d2f4fdf134e7398847417b25743e1e04928c7d7
- https://git.kernel.org/stable/c/8a84149337eb5e716e6d59f48ff0374dae8d8b2b
- https://git.kernel.org/stable/c/926e6715b48b575ed7754bf163a67686bb2eb111