VDB

CVE-2026-27969

CVE-2026-27969 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management. Use devm_kasprintf to simplify the logic for allocating memory and formatting the input_dev name string.

EPSS 0.08% · 22.7th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H
EPSS Score
0.08%
22.7th percentile

Affected Products

VendorProductVersions
linuxfoundationvitess23.0.0, 0
vitessiovitess< 22.0.4, >= 23.0.0, < 23.0.3
LinuxLinux*, 0, 5.10.249
vitess.iovitess0, 0.23.0-rc1
linuxlinux_kernel4.1, 4.1, 4.1

Timeline

  • Oct 16, 2025 PoC Published
  • Oct 17, 2025 PoC Published
  • Oct 21, 2025 PoC Published
  • Dec 2, 2025 PoC Published
  • Dec 18, 2025 PoC Published
  • Dec 19, 2025 PoC Published
  • Dec 26, 2025 PoC Published
  • Dec 29, 2025 PoC Published
  • Dec 30, 2025 PoC Published
  • Dec 30, 2025 PoC Published
  • Dec 30, 2025 PoC Published
  • Jan 7, 2026 PoC Published

References

…and 10 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›