[SECURITY] Fedora 44 Update: libinput-1.31.3-1.fc44

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code the user of libinput...

CVE-2026-46232

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...

CVE-2026-48792

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

CVE-2026-48792

The connected sources confirm a vulnerability in pam_usb for Linux prior to 0.9.1: evdev.c silently ignores EACCES when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to incorrectly report no virtual devices even if opens fail due to insufficient permissions. As a result...

CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

UBUNTU-CVE-2026-46097

In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e "Input: edt-ft5x06 - use per-client debugfs directory" removed the manual debugfs teardown, relying on the I2C core to handle it. However, this...

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the silent ignoring of EACCES errors in the src/evdev.c file. This could lead t...

USN-8245-1 linux-azure, linux-azure-6.17, linux-oem-6.17 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

PT-2026-37226

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains an information leak and a stack buffer overflow. An information leak occurs when a sandboxed process sends an IPC reque...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: There is an issue with the correct reference to the devm device for the hidinput inputdevice name. The reference should be made to the HID device, not the input device, when allocating the inputdev name. Referring t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access to inputdev under a mutex It is possible when using ASoC that the inputdev is not properly registered while calling sndjackreport, which can lead to a NULL pointer derefrence. To prevent this type of serialized...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference to hiddevice for devm allocation of the inputdev name. Using hiddevice for devm allocation of the inputdev name helps prevent use-after-free issues. inputunregisterdevice will trigger the cleanup of...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...

DEBIAN-CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)

"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013846)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013846 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006911)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006911 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID devic...

USN-8179-2 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8184-1: Linux kernel (Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...