Linux Kernel Logitech HIDPP Force Feedback Initialization Failure Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's HID Logitech HIDPP driver, specifically when handling the G920 Driving Force Racing Wheel for Xbox One. The issue arises if the force feedback initialization fails during the device probing process. In such cases, an error is returned and propagated before the userspace infrastructure, including sysfs and /dev/input, has been properly dismantled. If userspace disregards these errors and continues to reference the now-dangling entities, a use-after-free condition will occur.
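The ordering problem described above, as a user-space C model added here for illustration; it is not the driver's code or the upstream patch, and all names in it are hypothetical. It assumes the caller frees device state after a failed probe, and shows one way to restore the invariant (tear down before returning the error); the page does not say which approach the kernel fix took.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model; all names are hypothetical, not driver code. */
#define MAX_NODES 4
struct dev_state { int id; };
typedef int (*probe_fn)(struct dev_state *, int);
/* Stands in for sysfs and /dev/input: pointers userspace can still reach. */
static struct dev_state *published[MAX_NODES];

static int publish(struct dev_state *d) {
    for (int i = 0; i < MAX_NODES; i++)
        if (!published[i]) { published[i] = d; return 0; }
    return -1;
}
static int unpublish(struct dev_state *d) {   /* returns entries removed */
    int n = 0;
    for (int i = 0; i < MAX_NODES; i++)
        if (published[i] == d) { published[i] = NULL; n++; }
    return n;
}
/* Optional feature setup that can fail, like force feedback initialization. */
static int ff_init(int fails) { return fails ? -1 : 0; }
/* Flawed ordering: the error is returned while nodes are still published. */
static int probe_flawed(struct dev_state *d, int ff_fails) {
    if (publish(d)) return -1;
    return ff_init(ff_fails);
}
/* Unwinding ordering: tear down what was published, then report failure. */
static int probe_unwinding(struct dev_state *d, int ff_fails) {
    if (publish(d)) return -1;
    int ret = ff_init(ff_fails);
    if (ret) unpublish(d);
    return ret;
}
/* Assumed caller behaviour: device state is freed after a failed probe.
 * Returns how many published entries would have outlived that state. */
static int stale_refs_after_bind(probe_fn probe, int ff_fails) {
    struct dev_state *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    int failed = probe(d, ff_fails);
    int left = unpublish(d);        /* count leftovers and reset the model */
    free(d);
    return failed ? left : 0;
}
int main(void) {
    printf("flawed, ff fails:    %d stale\n", stale_refs_after_bind(probe_flawed, 1));
    printf("unwinding, ff fails: %d stale\n", stale_refs_after_bind(probe_unwinding, 1));
    printf("flawed, ff ok:       %d stale\n", stale_refs_after_bind(probe_flawed, 0));
    return 0;
}
```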

Impact

The resulting use-after-free condition can potentially be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, connect a Logitech G920 Driving Force Racing Wheel for Xbox One to a system running an affected version of the Linux kernel. During the device probing process, the force feedback initialization will fail, but the userspace infrastructure will not be torn down in time. If userspace then continues to use its references to the dangling entities, the use-after-free vulnerability will be triggered.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation or through the package manager for your Linux distribution.

Added: May 1, 2026, 3:29 PM
Updated: May 1, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 2.9
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.