Bug 2464486 (CVE-2026-43049)
| Summary: | CVE-2026-43049 kernel: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in the Linux kernel's logitech-hidpp driver. When the force feedback initialization fails for the Logitech G920 Driving Force Racing Wheel, the driver returns an error before properly tearing down userspace infrastructure. This can lead to a use-after-free (UAF) vulnerability if userspace applications continue to access these deallocated resources. A successful exploitation of a UAF flaw could potentially result in a denial of service or arbitrary code execution. | Story Points: | --- |
Description
OSIDB Bzimport
2026-05-01 15:09:29 UTC