Widely-Used libinput Updated Due To Arbitrary Root Code Execution
The libinput input handling library used by both X.Org and Wayland environments on modern Linux desktops is out with a new security fix release. A new vulnerability is now public allowing for arbitrary root code execution.
Libinput maintainer Peter Hutterer announced the new libinput security advisory for the issue uncovered by Csome. Due to libinput's libinput-device-group udev helper handling, a malicious uinput or uhid device could set a PHYS sysattr containing a "\n" to cause the resulting output to be interpreted as two separate key-value pairs by udev. In turn this could ultimately lead to arbitrary root code execution.
An attacker would need to create a malicious uinput or uhid device to pull off this attack. While typically restricted to root, custom udev rules can open this attack up to non-root users, such as when installing the "steam-devices" package or similar on Fedora. Simply having the Steam Devices package installed can in turn open up this attack vector to logged-in users.
Libinput 1.31.2 is now available to mitigate this issue.
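The root of the issue described above is that udev helpers communicate with udev by printing one `KEY=VALUE` pair per line, so any untrusted value that is passed through unchecked and contains a newline is parsed as two pairs. The following added example, which is not libinput's own code nor its actual fix, contrasts a naive helper that emits a sysattr-derived value unchecked with a hardened one that refuses values containing line terminators. The property name `LIBINPUT_DEVICE_GROUP` is used as the one libinput's helper sets; the sample PHYS strings are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical udev helper logic (added example, not libinput's code).
 * udev reads the helper's stdout as "KEY=VALUE" lines, one property
 * per line, so a value is only safe to emit if it cannot introduce a
 * line break of its own. */

/* Return true if the value can be emitted as a single udev property:
 * it must contain neither a newline nor a carriage return. */
bool udev_value_is_safe(const char *value)
{
    if (value == NULL)
        return false;
    for (const char *p = value; *p != '\0'; p++) {
        if (*p == '\n' || *p == '\r')
            return false;
    }
    return true;
}

/* Naive version: formats "KEY=VALUE\n" without looking at the value.
 * Returns the number of bytes written, or -1 on truncation. */
int emit_udev_property_unchecked(char *buf, size_t buflen,
                                 const char *key, const char *value)
{
    int n = snprintf(buf, buflen, "%s=%s\n", key, value);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Hardened version: rejects the value outright if it is not a single
 * line. Returns the number of bytes written, or -1 if rejected or
 * truncated. Rejecting (rather than silently stripping) keeps the
 * device from being assigned a group under attacker-chosen text. */
int emit_udev_property(char *buf, size_t buflen,
                       const char *key, const char *value)
{
    if (!udev_value_is_safe(value))
        return -1;
    return emit_udev_property_unchecked(buf, buflen, key, value);
}

/* Format the property into a local buffer and report how many
 * "KEY=VALUE" lines udev would parse from it: 1 for a well-formed
 * value, more if a newline slipped through, -1 if the helper refused
 * to emit anything. */
int lines_udev_would_parse(const char *key, const char *value, bool validate)
{
    char buf[512];
    int n = validate ? emit_udev_property(buf, sizeof buf, key, value)
                     : emit_udev_property_unchecked(buf, sizeof buf, key, value);
    if (n < 0)
        return -1;

    int lines = 0;
    for (const char *p = buf; *p != '\0'; p++) {
        if (*p == '\n')
            lines++;
    }
    return lines;
}

int main(void)
{
    /* Constructed sample PHYS values: a normal one, and one carrying
     * an embedded newline followed by a second key. */
    const char *good_phys = "usb-0000:00:14.0-1/input0";
    const char *bad_phys  = "usb-0000:00:14.0-1/input0\nOTHER_KEY=x";

    printf("good, unchecked: %d line(s)\n",
           lines_udev_would_parse("LIBINPUT_DEVICE_GROUP", good_phys, false));
    printf("bad,  unchecked: %d line(s)\n",
           lines_udev_would_parse("LIBINPUT_DEVICE_GROUP", bad_phys, false));
    printf("bad,  validated: %d (rejected)\n",
           lines_udev_would_parse("LIBINPUT_DEVICE_GROUP", bad_phys, true));
    return 0;
}
```

The same check belongs on every sysattr a helper copies into its output, not just PHYS: any value a user-creatable device can control should be treated as a single-line token or rejected.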
