GHSA-h66j-7rgr-pmgxHighCVSS 7.0

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary...

Published
June 5, 2026
Last Modified
June 5, 2026

🔗 CVE IDs covered (1)

📋 Description

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.

🔗 References (6)