Amazon Linux 2023 Security Advisory: ALAS2023-2026-1857
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity:
Important
Issue Overview:
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system. (CVE-2026-50265)
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution (CVE-2026-50292)
Affected Packages:
libinput
Issue Correction:
Run dnf update libinput --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1857 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libinput-debugsource-1.26.2-1.amzn2023.0.2.aarch64
libinput-devel-1.26.2-1.amzn2023.0.2.aarch64
libinput-utils-debuginfo-1.26.2-1.amzn2023.0.2.aarch64
libinput-utils-1.26.2-1.amzn2023.0.2.aarch64
libinput-test-debuginfo-1.26.2-1.amzn2023.0.2.aarch64
libinput-debuginfo-1.26.2-1.amzn2023.0.2.aarch64
libinput-test-1.26.2-1.amzn2023.0.2.aarch64
libinput-1.26.2-1.amzn2023.0.2.aarch64
src:
libinput-1.26.2-1.amzn2023.0.2.src
x86_64:
libinput-test-debuginfo-1.26.2-1.amzn2023.0.2.x86_64
libinput-utils-debuginfo-1.26.2-1.amzn2023.0.2.x86_64
libinput-devel-1.26.2-1.amzn2023.0.2.x86_64
libinput-debugsource-1.26.2-1.amzn2023.0.2.x86_64
libinput-debuginfo-1.26.2-1.amzn2023.0.2.x86_64
libinput-test-1.26.2-1.amzn2023.0.2.x86_64
libinput-utils-1.26.2-1.amzn2023.0.2.x86_64
libinput-1.26.2-1.amzn2023.0.2.x86_64