CVE-2022-1215

CVE-2022-1215 concerns a format string vulnerability in the libinput library. Across connected vendors, the issue affects libinput components and is mitigated by upgrading to patched releases (e.g., libinput 1.19.4 and related downstream builds such as 1.19.4-alt1). The root cause is a format str...

CVE-2026-50292

The CVE affects libinput before 1.30.4 and 1.31.x before 1.31.3, where libinput-device-group’s unescaped phys output can inject udev properties, potentially enabling arbitrary root code execution. Affected component: libinput (desktop/input stack). Underlying cause: unescaped phys output in libin...

CVE-2026-35093

Vulnerability overview: CVE-2026-35093 affects libinput. A local attacker can place a crafted Lua bytecode file in certain system or user configuration directories, bypassing security restrictions and executing unauthorized code with the same permissions as the affected program (e.g., a graphical...

CVE-2026-35094

A vulnerability in libinput (CVE-2026-35094) allows information disclosure via a dangling pointer when a garbage-collection cleanup prints a pointer to system logs, if Lua plugins are enabled and loaded by the compositor. Affected are libinput releases prior to the fixed version; Fedora/SUSE advi...