Linux Kernel HID Multitouch Input Device Reference Vulnerability

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's HID multitouch driver. The driver allocated the input device's name against the wrong device, tying the allocation's lifetime to the input device rather than to the HID device. As a result, the name was freed when the input device was unregistered, even though a uevent emitted afterwards still needed it, which produced the use-after-free. The fix changes the allocation to reference the HID device and uses a more straightforward memory allocation method. This vulnerability affects several versions of the Linux kernel.
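To make the lifetime mismatch concrete, the following userspace C model (added here; it is not the kernel driver's code) replays the sequence described above: a name string owned by the input device's managed-resource group is freed when that device is unregistered, while the same string owned by the HID device survives until the later uevent. The struct layouts, the devm_strdup_model() helper and the sample device name are constructed stand-ins for the kernel's devm machinery.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of devm-managed memory (constructed for this example, not kernel
 * code): each allocation is owned by one struct device and is freed when that
 * device is released, as devm allocations are torn down in the kernel. */
#define MAX_RES 4
struct device    { const char *kind; void *res[MAX_RES]; int nres; };
struct input_dev { struct device dev; const char *name; };
struct hid_dev   { struct device dev; };

/* Allocate a copy of @s whose lifetime is tied to @owner. */
static char *devm_strdup_model(struct device *owner, const char *s)
{
    char *copy = strcpy(malloc(strlen(s) + 1), s);
    owner->res[owner->nres++] = copy;
    return copy;
}

/* Release @dev: free everything it owns (stand-in for devres teardown). */
static void device_release(struct device *dev)
{
    for (int i = 0; i < dev->nres; i++) { free(dev->res[i]); dev->res[i] = NULL; }
    dev->nres = 0;
}

/* 1 if @p is still backed by live memory owned by @dev, otherwise 0. */
static int owned_by(const struct device *dev, const void *p)
{
    for (int i = 0; i < dev->nres; i++) if (dev->res[i] == p) return 1;
    return 0;
}

/* Replay the advisory's sequence: configure the multitouch input device, unregister
 * it, then emit the uevent that still reads input->name. Returns 1 if the name is
 * still valid at uevent time. @fixed == 0 ties the name to the input device (the
 * bug); @fixed == 1 ties it to the HID device (the fix described above). */
static int name_valid_at_uevent(int fixed)
{
    struct hid_dev hdev = { { "hid" } };
    struct input_dev input = { { "input" } };
    struct device *owner = fixed ? &hdev.dev : &input.dev;
    input.name = devm_strdup_model(owner, "Constructed Multitouch Screen");
    device_release(&input.dev);                  /* input device unregistered   */
    int valid = owned_by(&hdev.dev, input.name); /* uevent would read name here */
    device_release(&hdev.dev);                   /* HID device goes away later  */
    return valid;
}
```

Running name_valid_at_uevent(0) reports the name as already freed at uevent time, while name_valid_at_uevent(1) reports it still live; the only difference is which device owns the allocation.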

Impact

The vulnerability results in a use-after-free of the freed input device name buffer, which can corrupt memory or allow the freed memory to be exploited.

Reproduction

The vulnerability can be reproduced with a HID multitouch device whose input device is unregistered while a uevent that depends on the input device name is fired. This sequence triggers the use-after-free condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 1, 2025, 2:51 PM
Updated: Oct 1, 2025, 2:51 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.