Linux Kernel HID Magic Mouse Input Handling Vulnerability Leading to Denial-of-Service

A vulnerability in the Linux kernel's handling of HID magic mouse devices can lead to a denial-of-service condition. Fake USB devices can send report descriptors that bypass the input_mapping() hook, leaving the associated input context NULL. This oversight can cause a crash when the system later attempts to process the input. The vulnerability has been addressed by modifying the input_configured() hook to detect and reject such devices before they cause a crash. While this issue is not expected to occur with genuine magic mouse devices, it can be artificially triggered by emulating a magic mouse USB device.

Impact

Exploitation of this vulnerability causes the system to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, connect a fake USB device that impersonates a magic mouse. The device will send a report descriptor that the Linux kernel's input subsystem does not properly handle, leaving the input context NULL. When the system later tries to use this input context, it will encounter a crash. This can be done using USB emulation tools that allow the creation of custom USB devices with specific report descriptors.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.