Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-01T00:00:00 kernel: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-825

A flaw was found in the Linux kernel's logitech-hidpp driver. When the force feedback initialization fails for the Logitech G920 Driving Force Racing Wheel, the driver returns an error before properly tearing down userspace infrastructure. This can lead to a use-after-free (UAF) vulnerability if userspace applications continue to access these deallocated resources. A successful exploitation of a UAF flaw could potentially result in a denial of service or arbitrary code execution.

Logitech HID++ force-feedback init failure could leave a UAF; upstream orders teardown safely. Red Hat recommends updates; unload `hid_logitech_hidpp` where those devices are absent. To mitigate this issue, prevent the hid_logitech_hidpp module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43049 https://nvd.nist.gov/vuln/detail/CVE-2026-43049 https://lore.kernel.org/linux-cve-announce/2026050106-CVE-2026-43049-224e@gregkh/T