Linux Kernel HID PIDFF Conditional Effect Bit Clearing Vulnerability

Vulnerability

A vulnerability in the Linux kernel's HID PIDFF driver, caused by improper handling of conditional effect bits, has been addressed. Not all conditional effect bits were cleared, which led to NULL pointer dereferences and potential instability in handling input device effects. The issue was reported by a user named MPDarkGuy on Discord.

Impact

The vulnerability could lead to NULL pointer dereferences, causing potential crashes or undefined behavior in applications relying on the affected input devices.

Reproduction

The vulnerability can be reproduced by using a HID device that employs the PIDFF (PlayStation DualShock) driver. The issue arises when the driver fails to properly clear all conditional effect bits, leading to NULL pointer dereferences. This can cause applications to crash or behave unexpectedly when they try to access the input device's data.
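The failure mode described above, as an added user-space model (not code from this page or from the kernel driver): a capability bitmap keeps advertising condition effects whose backing report fields are NULL. The struct, the function names and the short-circuit pattern in `clear_partial` are assumptions chosen to illustrate how some bits can be left set.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model bit numbers standing in for the four condition effects
 * (FF_SPRING, FF_DAMPER, FF_FRICTION, FF_INERTIA in linux/input.h). */
enum { SPRING, DAMPER, FRICTION, INERTIA, NUM_COND };
#define COND_MASK ((1UL << NUM_COND) - 1)

struct model_dev {                 /* hypothetical, not the driver's struct */
    unsigned long ffbit;           /* effects advertised to user space */
    const int *set_condition;      /* report fields; NULL if the device lacks them */
};

static bool test_and_clear(unsigned long *map, int bit) {
    bool was_set = (*map >> bit) & 1UL;
    *map &= ~(1UL << bit);
    return was_set;
}

/* Assumed faulty pattern: || stops at the first bit that was set,
 * so the remaining condition bits stay advertised. */
static void clear_partial(struct model_dev *d) {
    if (test_and_clear(&d->ffbit, SPRING) || test_and_clear(&d->ffbit, DAMPER) ||
        test_and_clear(&d->ffbit, FRICTION) || test_and_clear(&d->ffbit, INERTIA))
        fputs("condition effects not supported\n", stderr);
}

/* Hardened pattern: drop every condition bit in one unconditional step. */
static void clear_all(struct model_dev *d) { d->ffbit &= ~COND_MASK; }

/* Upload path: -1 = rejected (not advertised), -2 = would dereference NULL. */
static int upload(const struct model_dev *d, int effect) {
    if (!((d->ffbit >> effect) & 1UL)) return -1;
    if (!d->set_condition) return -2;  /* stands in for the crash */
    return d->set_condition[0];
}

/* Count effects still advertised after cleanup on a device with no fields. */
static int stale_effects(void (*cleanup)(struct model_dev *)) {
    struct model_dev d = { COND_MASK, NULL };
    int stale = 0;
    cleanup(&d);
    for (int e = 0; e < NUM_COND; e++)
        stale += (upload(&d, e) == -2);
    return stale;
}

int main(void) {
    printf("partial: %d stale, full: %d stale\n",
           stale_effects(clear_partial), stale_effects(clear_all));
    return 0;
}
```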

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is included in the official Linux kernel stable releases.

Added: Mar 25, 2026, 12:12 PM
Updated: Mar 25, 2026, 12:12 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.