Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability has been identified in the Linux kernel's handling of the iforce input device, affecting versions prior to the patch for CVE-2022-49790. An uninitialized value is used when the device ID is fetched. The root cause is a length validation error: the code incorrectly checks that the valid length is shorter than the number of bytes to read. This flaw allows for potential exploitation by manipulating the data buffer during the ID retrieval process.
Exploitation of this vulnerability could lead to the use of uninitialized memory, which may cause undefined behavior, including potential information disclosure or memory corruption.
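The inverted length check described above, shown next to the corrected comparison, as an added user-space model that is not the kernel's code. The function names, the 3-byte packet layout and the 0xAA poison fill standing in for uninitialized memory are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_BYTES 3    /* assumed layout: 1 tag byte + 16-bit little-endian id */
#define POISON   0xAA /* stands in for uninitialized buffer contents */

/* Hypothetical device read: returns 0 on success and stores in *valid_len
 * how many bytes of buf the device actually filled. */
static int fetch_id_packet(const uint8_t *resp, size_t resp_len,
                           uint8_t *buf, size_t buf_len, size_t *valid_len)
{
    if (resp_len > buf_len)
        return -1;
    memcpy(buf, resp, resp_len);
    *valid_len = resp_len;
    return 0;
}

/* Returns 1 and sets *id when the packet is accepted, 0 when rejected.
 * inverted=1 models the flawed check, inverted=0 the corrected one. */
int read_id(const uint8_t *resp, size_t resp_len, int inverted, uint16_t *id)
{
    uint8_t buf[16];
    size_t len = 0;

    memset(buf, POISON, sizeof(buf)); /* deterministic "garbage" for the demo */
    if (fetch_id_packet(resp, resp_len, buf, sizeof(buf), &len) != 0)
        return 0;
    /* Flawed: accepts when fewer bytes are valid than will be read.
     * Corrected: requires valid length >= bytes to read. */
    if (inverted ? !(len < ID_BYTES) : !(len >= ID_BYTES))
        return 0;
    *id = (uint16_t)(buf[1] | (buf[2] << 8)); /* reads bytes 1..2 of buf */
    return 1;
}

int main(void)
{
    const uint8_t short_resp[] = { 0x01 };             /* constructed: 1 valid byte */
    const uint8_t full_resp[]  = { 0x01, 0x34, 0x12 }; /* constructed: id 0x1234 */
    uint16_t id = 0;

    if (read_id(short_resp, sizeof(short_resp), 1, &id))
        printf("inverted check accepted short packet, id=0x%04x\n", id);
    if (!read_id(short_resp, sizeof(short_resp), 0, &id))
        printf("corrected check rejected short packet\n");
    if (read_id(full_resp, sizeof(full_resp), 0, &id))
        printf("corrected check accepted full packet, id=0x%04x\n", id);
    return 0;
}
```

With the inverted check, the ID is assembled entirely from bytes the device never wrote, which is the uninitialized-value condition the description refers to.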