CVE-2025-38494

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: core: do not bypass hid_hw_raw_request

hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < dd8e8314f2ce225dade5248dcfb9e2ac0edda624affected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 40e25aa7e4e0f2440c73a683ee448e41c7c344edaffected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < f10923b8d32a473b229477b63f23bbd72b1e9910affected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < a62a895edb2bfebffa865b5129a66e3b4287f34faffected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81affected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < d18f63e848840100dbc351a82e7042eac5a28cf5affected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 19d1314d46c0d8a5c08ab53ddeb62280c77698c0affected
LinuxLinux4fa5a7f76cc7b6ac87f57741edd2b124851d119f < c2ca42f190b6714d6c481dfd3d9b62ea091c946baffected
LinuxLinux3.15affected
LinuxLinux0 < 3.15unaffected
LinuxLinux5.4.297 <= 5.4.*unaffected
LinuxLinux5.10.241 <= 5.10.*unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.147 <= 6.1.*unaffected
LinuxLinux6.6.100 <= 6.6.*unaffected
LinuxLinux6.12.40 <= 6.12.*unaffected
LinuxLinux6.15.8 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References