Linux Kernel HID Probe Error Handling Vulnerability in Force Feedback Driver

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of probe errors within the HID (Human Interface Device) subsystem, specifically in the PantherLord force feedback driver for USB/PS2 adapters. The issue arises because errors during the initialization process are not properly reported, leading to a potential NULL pointer dereference the first time force feedback is used. This vulnerability affects several versions of the Linux kernel.
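The error-handling flaw described above, modeled in user-space C as an added example (not the kernel driver's code or the upstream patch): a probe routine that drops its init error, beside one that propagates it. All names (`ff_init`, `probe_unchecked`, `probe_checked`, `play_effect`, `fail_alloc`) are hypothetical, and `play_effect` returns `-EFAULT` at the point where the driver described here would follow the NULL pointer.

```c
/* User-space model of the bug class; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct ff_state { int level; };
struct device { struct ff_state *ff; int bound; int fail_alloc; };

/* Init step that can fail; fail_alloc simulates an allocation failure. */
static int ff_init(struct device *dev)
{
    dev->ff = dev->fail_alloc ? NULL : calloc(1, sizeof(*dev->ff));
    return dev->ff ? 0 : -ENOMEM;
}

/* Flawed pattern: the init result is dropped, so probe always succeeds. */
int probe_unchecked(struct device *dev)
{
    ff_init(dev);
    dev->bound = 1;
    return 0;
}

/* Corrected pattern: return the error so the device never binds. */
int probe_checked(struct device *dev)
{
    int ret = ff_init(dev);
    dev->bound = !ret; /* on error, stands in for stopping the hardware */
    return ret;
}

/* First force-feedback use; -EFAULT marks where NULL would be followed. */
int play_effect(struct device *dev, int level)
{
    if (!dev->bound)
        return -ENODEV;
    if (!dev->ff)
        return -EFAULT; /* model only: reports the crash site, no crash */
    dev->ff->level = level;
    return 0;
}

int main(void)
{
    struct device a = { .fail_alloc = 1 }, b = { .fail_alloc = 1 };
    int pa = probe_unchecked(&a), pb = probe_checked(&b);
    printf("unchecked: probe=%d use=%d\n", pa, play_effect(&a, 1));
    printf("checked:   probe=%d use=%d\n", pb, play_effect(&b, 1));
    return 0;
}
```

In the unchecked case the probe reports success with no force feedback state allocated, so the failure surfaces only at first use; in the checked case the device is never bound and that call path is unreachable.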

Impact

The vulnerability can cause a NULL pointer dereference, which typically leads to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by using a PantherLord USB/PS2 2-in-1 adapter with the force feedback driver enabled. The driver will dereference a NULL pointer the first time force feedback is used, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: May 6, 2026, 4:25 PM
Updated: May 6, 2026, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.