{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23349", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.999Z", "datePublished": "2026-03-25T10:27:35.443Z", "dateUpdated": "2026-04-13T06:05:33.259Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-13T06:05:33.259Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix condition effect bit clearing\n\nAs reported by MPDarkGuy on discord, NULL pointer dereferences were\nhappening because not all the conditional effects bits were cleared.\n\nProperly clear all conditional effect bits from ffbit"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/usbhid/hid-pidff.c"], "versions": [{"version": "7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e", "lessThan": "d1edc027a4b0bb4c7a2670b530590b4df6177011", "status": "affected", "versionType": "git"}, {"version": "7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e", "lessThan": "ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b", "status": "affected", "versionType": "git"}, {"version": "7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e", "lessThan": "97d5c8f5c09a604c4873c8348f58de3cea69a7df", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/usbhid/hid-pidff.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011"}, {"url": "https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b"}, {"url": "https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df"}], "title": "HID: pidff: Fix condition effect bit clearing", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E9D8CD-82F0-4CC6-8038-BF71758D583C", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.18.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*", "matchCriteriaId": "DCE57113-2223-4308-A0F2-5E6ECFBB3C23", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix condition effect bit clearing\n\nAs reported by MPDarkGuy on discord, NULL pointer dereferences were\nhappening because not all the conditional effects bits were cleared.\n\nProperly clear all conditional effect bits from ffbit"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\nHID: pidff: Correcci\u00f3n del borrado de bits de efecto de condici\u00f3n\n\nSeg\u00fan lo informado por MPDarkGuy en Discord, se estaban produciendo desreferencias de puntero NULL porque no se borraron todos los bits de efectos condicionales.\n\nBorrar correctamente todos los bits de efecto condicional de ffbit"}], "id": "CVE-2026-23349", "lastModified": "2026-04-24T18:06:21.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:33.197", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: pidff: Fix condition effect bit clearing", "id": "2451245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451245"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's Human Interface Device (HID) subsystem, specifically within the `pidff` module. This vulnerability occurs because not all conditional effect bits were properly cleared, leading to null pointer dereferences. A local attacker could potentially exploit this flaw to cause a system crash, resulting in a denial of service."], "name": "CVE-2026-23349", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23349\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23349\nhttps://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23349-aa6a@gregkh/T"], "statement": "This flaw affects systems using force feedback devices with the pidff (PID Force Feedback) HID driver. Incomplete clearing of conditional effect bits in ffbit causes NULL pointer dereferences. Triggering requires a force feedback capable device and specific force feedback effect operations.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,d1edc027a4b0bb4c7a2670b530590b4df6177011)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,97d5c8f5c09a604c4873c8348f58de3cea69a7df)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T09:17:59.338927+00:00", "value": {"mitigation_remediation": ["Update your Linux kernel to the latest release that contains the pidff NULL pointer dereference fix.", "If an update cannot be applied immediately, limit exposure by restricting access to HID devices to trusted users or scripts, and adjust device permissions to prevent untrusted devices from communicating with the kernel.", "Monitor kernel logs (e.g., dmesg or system journal) for messages indicating kernel panics related to HID devices, and investigate any such incidents promptly."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Linux kernel installations that include the pidff driver before the fix. All current Linux distributions using kernels that have not yet applied the patch are potentially impacted. The exact kernel versions are not listed, so administrators should check the vendor\u2019s release notes for the patch that incorporates the bit\u2011clearing change.", "description_and_impact": "An issue in the Linux kernel's HID pidff subsystem allows a NULL pointer dereference when conditional effect bits are not properly cleared. The flaw can cause the kernel to crash, resulting in a denial of service. The bug maps to CWE\u2011824, indicating a loss of error handling and control flow disruption, and CWE\u2011476, which denotes null\u2011pointer dereference leading to generic segmentation faults.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is low. Because the exploit requires interacting with the HID subsystem, the attack vector is likely local or requires privileged access to a malicious HID device. No entry in the CISA KEV catalog means no confirmed widespread attacks are reported. If an attacker can supply a crafted HID signal that triggers the un\u2011cleared conditional bits, the kernel will dereference a null pointer, leading to a crash."}}}}, "created": "2026-03-25T21:32:05.998242+00:00", "updated": "2026-04-28T09:30:26.195930+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}