CVE-2026-23349
NULL Pointer Dereference in Linux HID pidff Component
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.18 |
| linux | linux_kernel | From 6.18.1 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's HID subsystem, specifically in the pidff driver. The issue was that not all conditional effect bits were properly cleared, which caused NULL pointer dereferences. The fix involved ensuring that all conditional effect bits are correctly cleared to prevent these dereferences.
How can this vulnerability impact me? :
The vulnerability can lead to NULL pointer dereferences in the Linux kernel, which may cause system crashes or instability. This could potentially be exploited to disrupt normal system operations or cause denial of service.