CVE-2026-43049

Published: Mag 01, 2026 Last Modified: Mag 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

Presently, if the force feedback initialisation fails when probing the
Logitech G920 Driving Force Racing Wheel for Xbox One, an error number
will be returned and propagated before the userspace infrastructure
(sysfs and /dev/input) has been torn down. If userspace ignores the
errors and continues to use its references to these dangling entities, a
UAF will promptly follow.

We have 2 options; continue to return the error, but ensure that all of
the infrastructure is torn down accordingly or continue to treat this
condition as a warning by emitting the message but returning success.
It is thought that the original author's intention was to emit the
warning but keep the device functional, less the force feedback feature,
so let's go with that.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0002
Percentile
0,0th
Updated

EPSS Score Trend (Last 2 Days)

https://git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c96…
https://git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c9624e154c1abe88
https://git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fce8…
https://git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fce80cf29bc2a2453
https://git.kernel.org/stable/c/b846fb0a73e99174f08238e083e…
https://git.kernel.org/stable/c/b846fb0a73e99174f08238e083e284c0463a2102
https://git.kernel.org/stable/c/f7a4c78bfeb320299c1b641500f…
https://git.kernel.org/stable/c/f7a4c78bfeb320299c1b641500fe7761eadbd101