Linux Kernel Logitech HIDPP Driver Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's Logitech HIDPP driver. This issue arises because fake USB gadgets can send HID report descriptors that include report structures without valid fields. When the kernel processes these invalid reports over USB, it can lead to a crash. The vulnerability is present in the stable version of the Linux kernel.
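The descriptor condition described above can be checked offline. The following is an added example, not code from the kernel or from this advisory: it walks a HID report descriptor and counts reports that are declared but end up with no usable field. It assumes that "no valid fields" means every Input, Output or Feature item of the report carries no Usage (padding only); `count_fieldless_reports` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: report 1 has a usage-backed Input field, report 2 is
 * padding only (an Input main item with no preceding Usage). */
static const uint8_t sample[] = {
    0x05, 0x01, 0x09, 0x02, 0xA1, 0x01,             /* page, usage, collection */
    0x85, 0x01, 0x09, 0x30, 0x75, 0x08, 0x95, 0x01, 0x81, 0x02,
    0x85, 0x02, 0x75, 0x08, 0x95, 0x01, 0x81, 0x01, 0xC0 }; /* report 2, end */

/* Count (type, report ID) pairs that are declared but get no usable field.
 * Returns -1 for a truncated or long item. Assumed simplification: any Usage
 * or Usage Maximum local item counts as "has usages". */
int count_fieldless_reports(const uint8_t *d, size_t len)
{
    static const size_t size_of[4] = { 0, 1, 2, 4 }; /* bSize encoding */
    uint8_t seen[3][256] = {{0}}, fields[3][256] = {{0}};
    unsigned id = 0, usages = 0;
    int empty = 0;
    for (size_t i = 0; i < len; ) {
        uint8_t prefix = d[i++], tag = prefix & 0xFC;
        size_t n = size_of[prefix & 3];
        if (prefix == 0xFE || n > len - i)
            return -1;
        if (tag == 0x84 && n)                        /* Global: Report ID */
            id = d[i];
        else if (tag == 0x08 || tag == 0x28)         /* Local: Usage, Usage Max */
            usages++;
        else if ((prefix & 0x0C) == 0) {             /* Main item */
            int t = tag == 0x80 ? 0 : tag == 0x90 ? 1 : tag == 0xB0 ? 2 : -1;
            if (t >= 0) {                            /* Input, Output, Feature */
                seen[t][id] = 1;
                fields[t][id] |= usages != 0;
            }
            usages = 0;                              /* main items reset locals */
        }
        i += n;
    }
    for (int t = 0; t < 3; t++)
        for (int r = 0; r < 256; r++)
            empty += seen[t][r] && !fields[t][r];
    return empty;
}

int main(void)
{
    return printf("field-less reports: %d\n",
                  count_fieldless_reports(sample, sizeof sample)) < 0;
}
```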

Impact

Exploitation of this vulnerability causes the Linux kernel to crash, disrupting system operations.

Reproduction

The vulnerability can be reproduced by connecting a fake USB gadget that sends HID report descriptors with invalid field structures to a system running the affected version of the Linux kernel. When the kernel attempts to process these malformed reports, it will crash, demonstrating the denial-of-service condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 6, 2026, 5:01 PM
Updated: May 6, 2026, 5:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.