7.8

CVE-2026-43049

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

Presently, if the force feedback initialisation fails when probing the
Logitech G920 Driving Force Racing Wheel for Xbox One, an error number
will be returned and propagated before the userspace infrastructure
(sysfs and /dev/input) has been torn down.  If userspace ignores the
errors and continues to use its references to these dangling entities, a
UAF will promptly follow.

We have 2 options; continue to return the error, but ensure that all of
the infrastructure is torn down accordingly or continue to treat this
condition as a warning by emitting the message but returning success.
It is thought that the original author's intention was to emit the
warning but keep the device functional, less the force feedback feature,
so let's go with that.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.1 < 6.12.81
LinuxLinux Kernel Version >= 6.13 < 6.18.22
LinuxLinux Kernel Version >= 6.19 < 6.19.12
LinuxLinux Kernel Version5.3.9
LinuxLinux Kernel Version5.4 Update-
LinuxLinux Kernel Version5.4 Updaterc6
LinuxLinux Kernel Version5.4 Updaterc7
LinuxLinux Kernel Version5.4 Updaterc8
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.019
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c9624e154c1abe88
Patch
https://git.kernel.org/stable/c/b846fb0a73e99174f08238e083e284c0463a2102
Patch
https://git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fce80cf29bc2a2453
Patch
https://git.kernel.org/stable/c/f7a4c78bfeb320299c1b641500fe7761eadbd101
Patch