CVE-2026-35094 in libinputinformación

Resumen (Inglés)

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

redhat

Reservar

2026-04-01

Divulgación

2026-04-01

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
354677libinput desbordamiento de búfer825No está definidoNo está definidoCVE-2026-35094

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!