Description
In the Linux kernel, the following vulnerability has been resolved:

HID: roccat: fix use-after-free in roccat_report_event

roccat_report_event() iterates over the device->readers list without
holding the readers_lock. This allows a concurrent roccat_release() to
remove and free a reader while it's still being accessed, leading to a
use-after-free.

Protect the readers list traversal with the readers_lock mutex.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from the HID roccat driver in the Linux kernel. The function roccat_report_event() walks the device->readers list without protecting it with readers_lock, a weakness that falls under CWE-820 which involves improper synchronization, and also leads to memory corruption due to use‑after‑free (CWE-416). As a result, a concurrent roccat_release() can free an entry while it remains in use, causing a use‑after‑free that can corrupt kernel memory or enable arbitrary code execution at the kernel level.

Affected Systems

This flaw affects systems that run the Linux kernel and load the roccat HID driver. The specific kernel version range is not enumerated in the advisory; any kernel that includes the roccat driver without the patch is vulnerable. Users running a kernel that has been updated with the commit that protects readers_lock are not affected.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in CISA KEV, indicating limited or unknown exploitation activity. The CVSS score is 7.8; however, a use‑after‑free in the kernel can lead to local privilege escalation or complete system compromise if an attacker with local access can trigger the race condition. The attack vector likely requires local privileges or the ability to manipulate the roccat device; a remote attacker would need to control the device itself. Because the kernel patch is required, the likelihood of exploitation decreases once the kernel is updated.

Generated by OpenCVE AI on May 8, 2026 at 21:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that contains the roccat_report_event fix.
  • Reboot the system to load the updated kernel.
  • If updating the kernel is not immediately possible, remove or unload the roccat HID driver (modprobe -r roccat) or block roccat devices with udev rules to prevent the vulnerable driver from loading.

Generated by OpenCVE AI on May 8, 2026 at 21:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-820
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the readers_lock. This allows a concurrent roccat_release() to remove and free a reader while it's still being accessed, leading to a use-after-free. Protect the readers list traversal with the readers_lock mutex.
Title HID: roccat: fix use-after-free in roccat_report_event
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:56.897Z

Reserved: 2026-05-01T14:12:55.986Z

Link: CVE-2026-43111

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:24.807

Modified: 2026-05-08T19:45:15.600

Link: CVE-2026-43111

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43111 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T21:45:19Z

Weaknesses