Description
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Published: 2026-04-01
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Monitor
AI Analysis

Impact

A flaw in libinput allows an attacker who can place a Lua plugin file in particular system directories to trigger a dangling pointer during garbage-collection cleanup. The stale pointer is then printed to system logs; if the memory it referenced has since been re-used for another purpose, the logged output can reveal sensitive data that was once held in that region. The issue is classified under CWE-825 and results in potential information disclosure.

Affected Systems

Red Hat Enterprise Linux distributions (versions 10, 7, 8, and 9) are affected because they ship the vulnerable libinput component. The vulnerability is reachable only when Lua plugins are enabled in libinput and the compositor loads them. Anyone managing these RHEL systems should be aware that any libinput installation with Lua plugin support is potentially exposed.

Risk and Exploitability

The CVSS score is 3.3, indicating low severity, and the vulnerability is not currently listed in CISA's KEV catalog. EPSS data is unavailable, so the likelihood of exploitation cannot be quantified precisely, but the need to place a Lua plugin file in a system directory suggests a local or privileged attacker is required. The exploit path therefore appears constrained to environments where Lua plugins are enabled and write access to the plugin directories is possible. Because the vulnerability leads only to log exposure and does not allow direct code execution, the overall risk remains low, though it still warrants reviewing logging output for inadvertent disclosures.

Generated by OpenCVE AI on April 2, 2026 at 02:27 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify if Lua plugins are enabled in libinput and disable them if not required.
  • Restrict write permissions on the system directories that store Lua plugin files to authorized users only.
  • Monitor system logs for unexpected pointer or parameter values being printed that might leak sensitive information.
  • Check Red Hat errata or security advisories for a libinput update that patches this issue and apply the update when available.
  • Consider upgrading to the latest RHEL release if the vulnerability is addressed there.



Advisories

No advisories yet.

History

Thu, 02 Apr 2026 00:15:00 +0000

Type       | Values Removed        | Values Added
References |                       |
Metrics    | threat_severity: None | threat_severity: Moderate


Wed, 01 Apr 2026 23:45:00 +0000

Type                | Values Removed | Values Added
Description         |                | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Title               |                | Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
First Time appeared |                | Redhat
                    |                | Redhat enterprise Linux
Weaknesses          |                | CWE-825
CPEs                |                | cpe:/o:redhat:enterprise_linux:10
                    |                | cpe:/o:redhat:enterprise_linux:7
                    |                | cpe:/o:redhat:enterprise_linux:8
                    |                | cpe:/o:redhat:enterprise_linux:9
Vendors & Products  |                | Redhat
                    |                | Redhat enterprise Linux
References          |                |
Metrics             |                | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
                    |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-01T15:50:07.802Z

Reserved: 2026-04-01T12:56:18.939Z

Link: CVE-2026-35094

Vulnrichment

Updated: 2026-04-01T15:40:04.659Z

NVD

Status : Undergoing Analysis

Published: 2026-04-01T14:16:57.637

Modified: 2026-04-01T14:23:37.727

Link: CVE-2026-35094

Redhat

Severity : Moderate

Public Date: 2026-04-01T00:00:00Z

Links: CVE-2026-35094 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:17:31Z

Weaknesses