Linux Kernel HID Prodikeys Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's HID Prodikeys driver can lead to a null pointer dereference and subsequent crash. This issue arises when fake USB devices send report descriptors that bypass the input_mapping() hook, leaving the pm->input_ep82 variable null. The problem does not occur with genuine devices, but it can be triggered by a fake device that impersonates one.

Impact

Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference.

Reproduction

The vulnerability can be reproduced by using a fake USB device that sends custom report descriptors without invoking the input_mapping() hook. This can be achieved by impersonating a real device, which will result in the pm->input_ep82 variable remaining null. When the system later attempts to access this variable, a crash will occur.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed.
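The failure pattern described above, as an added userspace model in C (not kernel code and not the upstream patch): a pointer that only the mapping hook sets is checked at probe time and again before use. Every name except input_mapping and input_ep82 is hypothetical, and the descriptor bytes are constructed sample values.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_USAGE_EP82 0x0c /* constructed: the one usage the hook maps */

struct model_input { int keys_reported; };
struct model_pm {
    struct model_input *input_ep82; /* set only by the mapping hook */
    struct model_input storage;
};

/* Stand-in for the input_mapping() hook: it runs only for usages that the
 * device-supplied descriptor declares, so the device decides whether it runs. */
static void model_input_mapping(struct model_pm *pm, uint8_t usage)
{
    if (usage == MODEL_USAGE_EP82)
        pm->input_ep82 = &pm->storage;
}

/* Hardened probe: refuse to bind when the hook never set the pointer. */
static int model_probe(struct model_pm *pm, const uint8_t *desc, size_t len)
{
    pm->input_ep82 = NULL;
    pm->storage.keys_reported = 0;
    for (size_t i = 0; i < len; i++)
        model_input_mapping(pm, desc[i]);
    return pm->input_ep82 ? 0 : -ENODEV;
}

/* Later use of the pointer. Without this guard the line below dereferences
 * NULL, which in the kernel is the crash the advisory describes. */
static int model_report_key(struct model_pm *pm)
{
    if (!pm->input_ep82)
        return -ENODEV;
    return ++pm->input_ep82->keys_reported;
}

int main(void)
{
    struct model_pm pm;
    const uint8_t genuine[] = { 0x01, MODEL_USAGE_EP82 }; /* constructed */
    const uint8_t crafted[] = { 0x01, 0x02 };             /* constructed */
    printf("genuine probe: %d\n", model_probe(&pm, genuine, sizeof genuine));
    printf("crafted probe: %d\n", model_probe(&pm, crafted, sizeof crafted));
    printf("use after failed probe: %d\n", model_report_key(&pm));
    return 0;
}
```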

Added: May 6, 2026, 12:57 PM
Updated: May 6, 2026, 12:57 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 2.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.