CVE-2025-37862
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: pidff: Fix null pointer dereference in pidff_find_fields
This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike.
The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again.
LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < 44a1b8b2027afbb37e418993fb23561bdb9efb38 | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < d230becb9d38b7325c5c38d051693e4c26b1829b | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < 6b4449e4f03326fbd2136e67bfcc1e6ffe61541d | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < ddb147885225d768025f6818df533d30edf3e102 | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < be706a48bb7896d4130edc82811233d1d62158e7 | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < 3a507184f9307e19cb441b897c49e7843c94e56b | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < e368698da79af821f18c099520deab1219c2044b | affected |
| Linux | Linux | 224ee88fe39564358ec99b46bf3ee6e6999ae17d < 22a05462c3d0eee15154faf8d13c49e6295270a5 | affected |
| Linux | Linux | 2.6.19 | affected |
| Linux | Linux | 0 < 2.6.19 | unaffected |
| Linux | Linux | 5.4.293 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.237 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.181 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.135 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.88 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.24 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.12 <= 6.13.* | unaffected |
| Linux | Linux | 6.14.3 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
References
- https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38
- https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829b
- https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541d
- https://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102
- https://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7
- https://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a
- https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56b
- https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044b
- https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.