Acknowledged
Created: Oct 29, 2025
Updated: Oct 30, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak[EOL][EOL]Struct ff_effect_compat is embedded twice inside[EOL]uinput_ff_upload_compat, contains internal padding. In particular, there[EOL]is a hole after struct ff_replay to satisfy alignment requirements for[EOL]the following union member. Without clearing the structure,[EOL]copy_to_user() may leak stack data to userspace.[EOL][EOL]Initialize ff_up_compat to zero before filling valid fields.
