Red Hat Bugzilla – Bug 1473415
RQR12.07_B0029 update hangs, and breaks Logitech wireless USB mouse
Last modified: 2017-11-06 16:23:31 EST
Description of problem:
Attempting to install the latest Fedora 26 patches caused my Logitech wireless mouse to stop working.
Version-Release number of selected component (if applicable):
The update that hanged was labeled "Logitech Unifying Receiver RQR12.01_B0019 -> RQR12.07_B0029" in the software update GUI. Presumably either one version or the other is installed, or perhaps a mixed-up mixture of the two versions. I don't know how to check.
My desktop uses an ASUSTeK M4A87TD/USB3 motherboard. I have a Dell SK-8110 PS/2 keyboard (my Logitech keyboard died and this is a replacement). I have a Logitech M510 wireless USB mouse, P/N 810-001897.
Steps to Reproduce:
1. Run the Software Update GUI.
2. Click on "Updates".
3. There is a row saying "Logitech Unifying Receiver / RQR12.01_B0019 -> RQR12.07_B0029 / This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11...." In the row there is an "Update" button. Click on it.
Nothing happens. The mouse stops working. I waited several minutes. Eventually I rebooted by using the keyboard. The mouse still doesn't work.
I expected the update to work, perhaps by rebooting the system.
I would appreciate being given a command-line way to do the update, and to monitor its progress. I tried this:
dnf --enablerepo=updates-debuginfo update
but it does not seem to suffice; the mouse still does not work after rebooting, and the updates GUI still lists the Logitech Unifying Receiver patch as not being installed.
To work around the problem I substituted a Logitech B100 (P/N 810-001397) wired USB mouse, which works fine. At least now I know no nearby attackers are injecting mouse movements....
The unifying-receiver-udev package contains udev rules for Logitech receivers. It allows Solaar to access these devices.
If updating the firmware stopped the mouse working completely, I don't think it's anything to do with this package - rather it's a problem with the firmware upgrade, which I think is handled by the fwupd package.
(In reply to Richard Fearn from comment #1)
Thanks for fixing the package - this stuff is all unfamiliar ground to me.
In further news, unplugging the wireless mouse's tiny USB dongle, and plugging it back in again, makes the wireless mouse start working again. However, the software updates GUI for a while listed no updates, and now is listing the Logitech Unifying Receiver update again. For now I'm going to assume that the update hasn't entirely taken and that I'm vulnerable to the security problem, so I will revert to the wired mouse.
I can test the wireless mouse if you give me further instructions. Although I expect someone around here has a device that would let me exploit the security hole if it's still present (for testing purposes only of course), I'd rather not have to do that....
> In further news, unplugging the wireless mouse's tiny USB dongle, and
> plugging it back in again, makes the wireless mouse start working again.
I read this recently:
..which talks about how fwupd controls the receiver in order to update the firmware on it. My guess is that fwupd is putting it into a different state so that it can update the firmware, but that the update is then not working. While in this state, the receiver doesn't function normally. But when you unplug/replug it, the receiver starts up normally again, and you can use the mouse.
> However, the software updates GUI for a while listed no updates, and now is
> listing the Logitech Unifying Receiver update again. For now I'm going to
> assume that the update hasn't entirely taken
Sounds exactly like the update hasn't worked.
I only saw this bug because you originally filed it against unifying-receiver-udev, but I'm no expert on fwupd. We should probably wait for Richard Hughes to respond, as he *is* the fwupd expert.
Does "fwupdmgr get-updates" list anything for the device?
Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155 too?
(In reply to Richard Hughes from comment #4)
> Does "fwupdmgr get-updates" list anything for the device?
That shell command outputs the following:
Unifying Receiver has firmware updates:
Update Version: RQR12.07_B0029
Update Remote ID: lvfs
Update Checksum: SHA1(d0d33e760ab6eeed6f11b9f9bd7e83820b29e970)
Update Location: https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
Update Description: This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.
(In reply to Richard Hughes from comment #5)
> Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155
That looks plausible. Is there something simple that I could run, to check? (I won't have physical access to the machine until tomorrow.)
What's the number laser-printed on the USB plug? It starts with U00xxxxx -- thanks.
Not sure what happened to Paul, but I have the same issue on my Logitech Pico receiver (that you have mentioned in https://github.com/hughsie/fwupd/issues/169). My receiver has the following etched on it:
FCC ID: JNZCU0012
I'm also running Fedora 26, on my laptop, and have F27-beta on my desktop. I've been holding off updating the firmware, using the desktop, to monitor for the fix on F26.
Is there anything else that I can get you, information-wise?