CVE-2026-23349 - Vulnerability Details

- HID: pidff: Fix condition effect bit clearing

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: pidff: Fix condition effect bit clearing

As reported by MPDarkGuy on discord, NULL pointer dereferences were
happening because not all the conditional effects bits were cleared.

Properly clear all conditional effect bits from ffbit

Published: 2026-03-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An issue in the Linux kernel's HID pidff subsystem allows a NULL pointer dereference when conditional effect bits are not properly cleared. The flaw can cause the kernel to crash, resulting in a denial of service. The bug maps to CWE‑824, indicating a loss of error handling and control flow disruption.

Affected Systems

The vulnerability affects Linux kernel installations that include the pidff driver before the fix. All current Linux distributions using kernels that have not yet applied the patch are potentially impacted. The exact kernel versions are not listed, so administrators should check the vendor’s release notes for the patch that incorporates the bit‑clearing change.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is low. Because the exploit requires interacting with the HID subsystem, the attack vector is likely local or requires privileged access to a malicious HID device. No entry in the CISA KEV catalog means no confirmed widespread attacks are reported. If an attacker can supply a crafted HID signal that triggers the un‑cleared conditional bits, the kernel will dereference a null pointer, leading to a crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e`	affected	< d1edc027a4b0bb4c7a2670b530590b4df6177011
`7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e`	affected	< ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b
`7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e`	affected	< 97d5c8f5c09a604c4873c8348f58de3cea69a7df

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.18:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,d1edc027a4b0bb4c7a2670b530590b4df6177011)`	affected	code_commit	—
`[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b)`	affected	code_commit	—
`[7f3d7bc0df4bdc23d31cf0f90b6e20c45129465e,97d5c8f5c09a604c4873c8348f58de3cea69a7df)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	generic	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update your Linux kernel to the latest release that contains the pidff NULL pointer dereference fix.
If an update cannot be applied immediately, limit exposure by restricting access to HID devices to trusted users or scripts, and adjust device permissions to prevent untrusted devices from communicating with the kernel.
Monitor kernel logs (e.g., dmesg or system journal) for messages indicating kernel panics related to HID devices, and investigate any such incidents promptly.

Generated by OpenCVE AI on March 26, 2026 at 14:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df
https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011
https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b
https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23349-aa6a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23349
https://www.cve.org/CVERecord?id=CVE-2026-23349

History

Fri, 24 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:6.18:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23349-aa6a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23349 https://www.cve.org/CVERecord?id=CVE-2026-23349
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit
Title		HID: pidff: Fix condition effect bit clearing
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/97d5c8f5c09a604c4873c8348f58de3cea69a7df https://git.kernel.org/stable/c/d1edc027a4b0bb4c7a2670b530590b4df6177011 https://git.kernel.org/stable/c/ef0e669dbceaf3d7bb4ae0b235fa61feabd92b0b

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:35.443Z

Updated: 2026-04-13T06:05:33.259Z

Reserved: 2026-01-13T15:37:45.999Z

Link: CVE-2026-23349

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:33.197

Modified: 2026-04-24T18:06:21.640

Link: CVE-2026-23349

Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23349 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:49:27Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object