HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Summary
| CVE | CVE-2026-43049 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-01 15:16:51 UTC |
| Updated | 2026-05-07 19:05:22 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisation fails when probing the Logitech G920 Driving Force Racing Wheel for Xbox One, an error number will be returned and propagated before the userspace infrastructure (sysfs and /dev/input) has been torn down. If userspace ignores the errors and continues to use its references to these dangling entities, a UAF will promptly follow. We have 2 options; continue to return the error, but ensure that all of the infrastructure is torn down accordingly or continue to treat this condition as a warning by emitting the message but returning success. It is thought that the original author's intention was to emit the warning but keep the device functional, less the force feedback feature, so let's go with that. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000180000 probability, percentile 0.046430000 (date 2026-05-05)
Problem Types: CWE-416
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected abdd3d0b344fdf72a4904d09b97bc964d74c4419 772f99cc8d6e5d95613bce93c9624e154c1abe88 git | Not specified |
| CNA | Linux | Linux | affected abdd3d0b344fdf72a4904d09b97bc964d74c4419 b846fb0a73e99174f08238e083e284c0463a2102 git | Not specified |
| CNA | Linux | Linux | affected abdd3d0b344fdf72a4904d09b97bc964d74c4419 9a793ac19eb84f44ed759c0fce80cf29bc2a2453 git | Not specified |
| CNA | Linux | Linux | affected abdd3d0b344fdf72a4904d09b97bc964d74c4419 f7a4c78bfeb320299c1b641500fe7761eadbd101 git | Not specified |
| CNA | Linux | Linux | affected 5f7fd3576cf30d502a8b2aec4e7a49c4f894e253 git | Not specified |
| CNA | Linux | Linux | affected 5.4 | Not specified |
| CNA | Linux | Linux | unaffected 5.4 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.81 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.22 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.12 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fce80cf29bc2a2453 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/b846fb0a73e99174f08238e083e284c0463a2102 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c9624e154c1abe88 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/f7a4c78bfeb320299c1b641500fe7761eadbd101 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.