Main Vulnerability Database SB2026032595

SB2026032595 - NULL Pointer Dereference in Linux kernel hid usbhid driver

Published: March 25, 2026

Security Bulletin ID SB2026032595

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL Pointer Dereference (CVE-ID: CVE-2026-23349)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper null pointer handling in the HID subsystem's pidff driver when processing force feedback effects. A local user can trigger a NULL pointer dereference by manipulating condition effect bits, leading to a system crash.

Exploitation requires access to the force feedback interface, typically available to local users with device permissions.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df
https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011
https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b