Description
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Published: 2026-04-01
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from a dangling pointer in libinput's Lua plugin handling. When the garbage-collection cleanup function is called, a pointer to the freed memory is left behind. If that memory is later reused, the stale pointer value can be written to system logs, exposing sensitive data that resided there. Because the exposure happens through normal log writing, the primary impact is information disclosure: confidential contents of the freed and reused memory region may be revealed.

Affected Systems

The flaw affects all Red Hat Enterprise Linux releases 7 through 10 that ship the vulnerable libinput package. The same vulnerability also impacts Fedora 43 and 44, since they use the upstream libinput library. Specific affected versions are not enumerated in the advisory, so any installation of libinput that has not been upgraded to the patched release should be considered vulnerable.

Risk and Exploitability

The CVSS v3.1 score of 3.3 indicates low severity, and the EPSS score of less than 1% shows a very small likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. The attack requires that the attacker can deploy a Lua plugin file in a system directory and that the compositor loads Lua plugins, which implies a local privilege escalation or compromised-application scenario; a remote attacker would first need higher-level access. Because the vulnerability is an information-disclosure issue with no known exploit code, the risk remains low but not negligible for environments that enable Lua plugins and write logs.

Generated by OpenCVE AI on April 7, 2026 at 23:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Red Hat Enterprise Linux update that includes the libinput patch.
  • If an immediate update is not possible, temporarily disable Lua plugin support in libinput or compositor configuration.
  • Verify that Lua plugins are not enabled and that system logs do not contain pointers to cleared memory.
  • Continue to monitor for any updates or advisories from Red Hat and Fedora.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Fedoraproject
                                        Fedoraproject fedora
                                        Freedesktop
                                        Freedesktop libinput
CPEs                                    cpe:2.3:a:freedesktop:libinput:-:*:*:*:*:*:*:*
                                        cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
                                        cpe:2.3:o:fedoraproject:fedora:44:*:*:*:*:*:*:*
Vendors & Products                      Fedoraproject
                                        Fedoraproject fedora
                                        Freedesktop
                                        Freedesktop libinput

Thu, 02 Apr 2026 00:15:00 +0000

Type                  Values Removed            Values Added
References
Metrics               threat_severity: None     threat_severity: Moderate

Wed, 01 Apr 2026 23:45:00 +0000

Type                  Values Removed    Values Added
Description                             A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Title                                   Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
First Time appeared                     Redhat
                                        Redhat enterprise Linux
Weaknesses                              CWE-825
CPEs                                    cpe:/o:redhat:enterprise_linux:10
                                        cpe:/o:redhat:enterprise_linux:7
                                        cpe:/o:redhat:enterprise_linux:8
                                        cpe:/o:redhat:enterprise_linux:9
Vendors & Products                      Redhat
                                        Redhat enterprise Linux
References
Metrics                                 cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
                                        ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-01T15:50:07.802Z

Reserved: 2026-04-01T12:56:18.939Z

Link: CVE-2026-35094

Vulnrichment

Updated: 2026-04-01T15:40:04.659Z

NVD

Status : Analyzed

Published: 2026-04-01T14:16:57.637

Modified: 2026-04-07T16:25:48.663

Link: CVE-2026-35094

Redhat

Severity : Moderate

Public Date: 2026-04-01T00:00:00Z

Links: CVE-2026-35094 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:57:07Z

Weaknesses