Use-After-Free Vulnerability in Roccat Device Handling in the Linux Kernel
CVE-2026-43111
Currently unrated
What is CVE-2026-43111?
In the Linux kernel, a vulnerability in the handling of Roccat devices has been identified. The function roccat_report_event() accesses the device's readers list without proper synchronization. This oversight allows a concurrent process to free a reader while it is being accessed, resulting in a use-after-free condition. The issue has been addressed by implementing a mutex lock around the readers list traversal, ensuring safe access and preventing potential exploitation.
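The locking pattern described above, as an added user-space model in C; it is not the kernel's code or the actual patch. It uses a pthread mutex in place of a kernel mutex, and every name in it (struct device, readers_lock, reader_open, reader_release, report_event, run_model) is hypothetical.

```c
/* User-space model of the fix (added example, not kernel code; names hypothetical). */
#include <pthread.h>
#include <stdlib.h>

struct reader { struct reader *next; int events_seen; };
struct device { pthread_mutex_t readers_lock; struct reader *readers; };

/* open(): link a new reader into the list under readers_lock. */
static struct reader *reader_open(struct device *d) {
    struct reader *r = calloc(1, sizeof(*r));
    if (!r) return NULL;
    pthread_mutex_lock(&d->readers_lock);
    r->next = d->readers;
    d->readers = r;
    pthread_mutex_unlock(&d->readers_lock);
    return r;
}

/* release(): unlink under the same lock, then free. Once the reader is
 * unlinked, no later traversal can reach it, so freeing it is safe. */
static void reader_release(struct device *d, struct reader *r) {
    pthread_mutex_lock(&d->readers_lock);
    for (struct reader **pp = &d->readers; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; break; }
    pthread_mutex_unlock(&d->readers_lock);
    free(r);
}

/* Event path: the whole traversal holds readers_lock, so release() cannot
 * free a reader mid-walk. Returns the number of readers visited. */
static int report_event(struct device *d) {
    int visited = 0;
    pthread_mutex_lock(&d->readers_lock);
    for (struct reader *r = d->readers; r; r = r->next, visited++)
        r->events_seen++;
    pthread_mutex_unlock(&d->readers_lock);
    return visited;
}

/* Concurrent open/release churn, standing in for processes closing the device. */
static void *churn(void *arg) {
    for (int i = 0; i < 20000; i++)
        reader_release(arg, reader_open(arg));
    return NULL;
}

/* Reports events while churn runs; returns readers left at the end (0). */
int run_model(int events) {
    struct device d = { PTHREAD_MUTEX_INITIALIZER, NULL };
    pthread_t t;
    if (pthread_create(&t, NULL, churn, &d)) return -1;
    for (int i = 0; i < events; i++) report_event(&d);
    pthread_join(t, NULL);
    return report_event(&d);
}

int main(void) { return run_model(20000) != 0; }
```

Removing the lock/unlock pair from report_event() reproduces the unsynchronized traversal the advisory describes; building the model with a thread or address sanitizer then flags the race.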
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 36bb2d0b915014bbdc5044982b31b57b78045b93