Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Widely-Used libinput Updated Due To Arbitrary Root Code Execution

Written by Michael Larabel in Desktop on 3 June 2026 at 09:46 PM EDT. 14 Comments

DESKTOP

The libinput input handling library used by both X.Org and Wayland environments on modern Linux desktops is out with a new security fix release. A new vulnerability is now public allowing for arbitrary root code execution.

Libinput maintainer Peter Hutterer announced the new libinput security advisory for the issue uncovered by Csome. Due to libinput's libinput-device-group udev helper handling, a malicious uinput or uhid device could set a PHYS sysattr containing a "\n" to cause the resulting output to be interpreted as two separate key-value pairs by udev. In turn this could ultimately lead to arbitrary root code execution.

An attacker would need to need to create a malicious uinput or uhid device to pull off this attack. While typically restricted to root, custom udev rules can open this attack up to non-root users such as when installing the "steam-devices" package or similar on Fedora. Simply having the Steam Devices package installed can in turn open up this attack vector to logged in users.

Libinput 1.31.2 is now available to mitigate this issue.

14 Comments

Related News

COSMIC Epoch 1.1 Released With COSMIC-Monitor, Compositor Improvements

Xfce Wayland Compositor Sees First Preview/Alpha Release

Flatpak 1.18 Released With Integration For AMD ROCm

COSMIC Now Implements Wayland Pointer Constraints For Better Gaming Experience

COSMIC Desktop's Frosted Glass Is Giving Windows Aero Vibes

FreeRDP 3.25 Adds Experimental AV1 Support

About The Author

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linux Finally Eliminates The strncpy API After Six Years Of Work, 360+ Patches

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR

systemd 261 Released With New systemd-sysinstall OS Installer, IMDSD & Storagectl

Open-Source NVIDIA NVK Vulkan Driver Now Supports DLSS

Firefox 152 Now Available With JPEG-XL Support Built By Default, Modernized Settings UI

Linux 7.2 Optimization Shows +5% IOPS For EXT4 & XFS After Moving Around Two Lines Of Code

Google's Gemini Partially Figures Out A Lengthy Linux Boot Time On Modern ASUS Laptop

Epic Games Announces Lore Open-Source Version Control System