CVE-2026-43049

EPSS 0.01%
Veröffentlicht 01.05.2026 14:15:43
Zuletzt bearbeitet 07.05.2026 19:05:22
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

Presently, if the force feedback initialisation fails when probing the
Logitech G920 Driving Force Racing Wheel for Xbox One, an error number
will be returned and propagated before the userspace infrastructure
(sysfs and /dev/input) has been torn down.  If userspace ignores the
errors and continues to use its references to these dangling entities, a
UAF will promptly follow.

We have 2 options; continue to return the error, but ensure that all of
the infrastructure is torn down accordingly or continue to treat this
condition as a warning by emitting the message but returning success.
It is thought that the original author's intention was to emit the
warning but keep the device functional, less the force feedback feature,
so let's go with that.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 12 VulnDex Vulnerability Enrichment 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4.1 < 6.12.81

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.22

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.12

Linux ≫ Linux Kernel Version5.3.9

Linux ≫ Linux Kernel Version5.4 Update-

Linux ≫ Linux Kernel Version5.4 Updaterc6

Linux ≫ Linux Kernel Version5.4 Updaterc7

Linux ≫ Linux Kernel Version5.4 Updaterc8

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c9624e154c1abe88

Patch

https://git.kernel.org/stable/c/b846fb0a73e99174f08238e083e284c0463a2102

Patch

https://git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fce80cf29bc2a2453

Patch

https://git.kernel.org/stable/c/f7a4c78bfeb320299c1b641500fe7761eadbd101

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-43049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43049

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43049