CVE-2026-45969
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: playstation: Add missing check for input_ff_create_memless
The ps_gamepad_create() function calls input_ff_create_memless() without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects are triggered.
Add a check for the return value of input_ff_create_memless().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Linux kernel HID playstation driver is missing a return-value check in ps_gamepad_create(), which could lead to a crash or incorrect behavior when FF effects are triggered.
Vulnerability
The ps_gamepad_create() function in the HID playstation driver calls input_ff_create_memless() without checking its return value [1]. This omission can lead to incorrect behavior or potential crashes when force feedback (FF) effects are triggered. The vulnerability affects Linux kernel versions prior to the fix commit [1].
Exploitation
An attacker would need access to a system with a PlayStation controller that supports force feedback, and would need to trigger FF effects on it. This could be done by a local user or by malicious software that sends FF commands, leading to undefined behavior or system instability [1].
Impact
Successful exploitation could result in a denial of service due to a kernel crash or unexpected controller behavior. The scope is limited to the force feedback subsystem, potentially causing the system to hang or crash [1].
Mitigation
The fix is included in commit 45b01d85265bc1ccdd69e0a7887db4b905a778f4 [1]. Users should apply the latest kernel updates containing this commit. No workaround is available; applying the patch is the recommended action.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches
496a345cc047 HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index 69c16c9b8c5c94..5e4c329a434144 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -484,7 +484,9 @@ static struct input_dev *ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
e6807641ac94 HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index e4dfcf26b04e74..2ec6d4445e84ba 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -774,7 +774,9 @@ ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
35301ca2a83d HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index e4dfcf26b04e74..2ec6d4445e84ba 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -774,7 +774,9 @@ ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
45b01d85265b HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index e4dfcf26b04e74..2ec6d4445e84ba 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -774,7 +774,9 @@ ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
987dee1486e9 HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index 38d5171dd25b2d..d6d86406f42fdc 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -508,7 +508,9 @@ static struct input_dev *ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
33acf9a4d6eb HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index 32f65c45fdc8af..199f76988bae89 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -732,7 +732,9 @@ static struct input_dev *ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
d955aeb26e12 HID: playstation: Add missing check for input_ff_create_memless
1 file changed · +3 −2
drivers/hid/hid-playstation.c+3 −2 modifieddiff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index 71a8d4ec9913bd..b13a8f27cda0cc 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -739,7 +739,9 @@ static struct input_dev *ps_gamepad_create(struct hid_device *hdev, #if IS_ENABLED(CONFIG_PLAYSTATION_FF) if (play_effect) { input_set_capability(gamepad, EV_FF, FF_RUMBLE); - input_ff_create_memless(gamepad, NULL, play_effect); + ret = input_ff_create_memless(gamepad, NULL, play_effect); + if (ret) + return ERR_PTR(ret); } #endif -- cgit 1.3-korg
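Review bot: the new early exit `return ERR_PTR(ret);` inside `if (play_effect)` leaves ps_gamepad_create() after `gamepad` has already been given the EV_FF/FF_RUMBLE capability, and nothing in the hunk releases it. If `gamepad` is device-managed that is fine, but the commit message should say so; otherwise it needs to be freed before returning. Since this adds a failure path, it is also worth confirming that every caller tests the result with IS_ERR(), and, because the same change is applied to several branches (hunk offsets 484, 508, 732, 739 and 774), that `ret` is declared in ps_gamepad_create() on each of them.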
Vulnerability mechanics
Root cause
"Missing return-value check for input_ff_create_memless() in ps_gamepad_create() allows use of a partially initialized input device."
Attack vector
An attacker with physical access to the system can connect a PlayStation DualSense or similar controller that triggers the HID driver's force-feedback (FF) initialization path. If `input_ff_create_memless()` fails (e.g., due to memory allocation failure), the unhandled error leaves the input device in an inconsistent state. Subsequently triggering FF effects (rumble) on that device can lead to incorrect behavior or a kernel crash [patch_id=2660874]. No network or special privileges are required beyond the ability to connect a compatible HID device.
Affected code
The vulnerability is in the `ps_gamepad_create()` function in `drivers/hid/hid-playstation.c` [patch_id=2660874]. The function calls `input_ff_create_memless()` under the `#if IS_ENABLED(CONFIG_PLAYSTATION_FF)` block but does not check its return value before continuing.
What the fix does
The patch assigns the return value of `input_ff_create_memless()` to the existing `ret` variable and, if `ret` is non-zero, returns `ERR_PTR(ret)` immediately [patch_id=2660874]. This ensures that when `input_ff_create_memless()` fails, `ps_gamepad_create()` propagates the error upward instead of continuing with a partially initialized gamepad device, preventing subsequent crashes when FF effects are triggered on the broken device.
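The error-propagation pattern described above, as an added example: a simplified userspace model written for this page, not the kernel's code. `struct input_dev`, `mock_ff_create_memless()`, `fail_alloc` and `ff_state_consistent()` are hypothetical stand-ins, and ERR_PTR/IS_ERR/PTR_ERR are reimplemented locally.

```c
/* Added example: userspace model, not kernel code. struct input_dev,
 * mock_ff_create_memless() and fail_alloc are constructed stand-ins. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{ return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct input_dev { int ff_rumble_cap; void *ff; };
static int fail_alloc; /* set to 1 to simulate memory pressure */

static int mock_ff_create_memless(struct input_dev *dev)
{
	if (fail_alloc)
		return -ENOMEM;
	dev->ff = malloc(16); /* stands in for the FF state */
	return dev->ff ? 0 : -ENOMEM;
}

/* checked = 0 models the code before the fix, checked = 1 after it. */
static struct input_dev *gamepad_create(int checked)
{
	struct input_dev *gamepad = calloc(1, sizeof(*gamepad));
	int ret;

	if (!gamepad)
		return ERR_PTR(-ENOMEM);
	gamepad->ff_rumble_cap = 1; /* input_set_capability(EV_FF, FF_RUMBLE) */
	ret = mock_ff_create_memless(gamepad);
	if (ret && checked) {
		free(gamepad); /* plain malloc here, so the model frees by hand */
		return ERR_PTR(ret);
	}
	return gamepad; /* unchecked: may advertise rumble with ff == NULL */
}

/* Invariant the fix restores: rumble capability implies FF state exists. */
static int ff_state_consistent(const struct input_dev *dev)
{ return !dev->ff_rumble_cap || dev->ff != NULL; }

int main(void)
{
	fail_alloc = 1;
	struct input_dev *before = gamepad_create(0), *after = gamepad_create(1);
	return !(!ff_state_consistent(before) && IS_ERR(after));
}
```

With the simulated allocation failure, the unchecked path hands back a valid-looking device that breaks the invariant, while the checked path returns an error pointer carrying -ENOMEM.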
Preconditions
- input: A PlayStation DualSense or compatible controller must be connected to the system, triggering the HID driver's force-feedback initialization path.
- config: The kernel must be built with CONFIG_PLAYSTATION_FF enabled.
- input: The input_ff_create_memless() call must fail (e.g., due to memory pressure).
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/33acf9a4d6eb1f6d01691faca96ad6b2ab0fcfc0 (nvd)
- git.kernel.org/stable/c/35301ca2a83d17aac2f3e8e35c696f0da2a13111 (nvd)
- git.kernel.org/stable/c/45b01d85265bc1ccdd69e0a7887db4b905a778f4 (nvd)
- git.kernel.org/stable/c/496a345cc047a2c2d9d5a76956e1182525578bd5 (nvd)
- git.kernel.org/stable/c/987dee1486e975e2baa6a5d062cfdf18bbe901c8 (nvd)
- git.kernel.org/stable/c/d955aeb26e1210a018492b3b32cbdfaf017aaa25 (nvd)
- git.kernel.org/stable/c/e6807641ac94e832988655a1c0e60ccc806b76dc (nvd)