Widely-Used libinput Updated Due To Arbitrary Root Code Execution
The libinput library, essential for input handling in Linux environments, has received a critical security update. A newly discovered vulnerability could allow arbitrary root code execution through malicious devices. Users are advised to update to libinput version 1.31.2 to mitigate this risk.
- ▪Libinput is used in both X.Org and Wayland environments on modern Linux desktops.
- ▪A vulnerability allows arbitrary root code execution via malicious uinput or uhid devices.
- ▪The update to libinput 1.31.2 addresses this security issue.
Opening excerpt (first ~120 words) tap to expand
Widely-Used libinput Updated Due To Arbitrary Root Code Execution Written by Michael Larabel in Desktop on 3 June 2026 at 09:46 PM EDT. Add A Comment The libinput input handling library used by both X.Org and Wayland environments on modern Linux desktops is out with a new security fix release. A new vulnerability is now public allowing for arbitrary root code execution. Libinput maintainer Peter Hutterer announced the new libinput security advisory for the issue uncovered by Csome. Due to libinput's libinput-device-group udev helper handling, a malicious uinput or uhid device could set a PHYS sysattr containing a "\n" to cause the resulting output to be interpreted as two separate key-value pairs by udev. In turn this could ultimately lead to arbitrary root code execution.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Phoronix.