CVE-2026-35094 in libinput
要約 (英語)
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
責任者
redhat
予約する
2026年04月01日
公開
2026年04月01日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 354677 | libinput メモリ破損 | 825 | 未定義 | 未定義 | CVE-2026-35094 |