CVE-2025-38495
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: core: ensure the allocated report buffer can contain the reserved report ID
When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 7228e36c7875e4b035374cf68ca5e44dffa596b2 | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 9f2892f7233a8f1320fe671d0f95f122191bfbcd | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 7fa83d0043370003e9a0b46ab7ae8f53b00fab06 | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < d3ed1d84a84538a39b3eb2055d6a97a936c108f2 | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < fcda39a9c5b834346088c14b1374336b079466c1 | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < a262370f385e53ff7470efdcdaf40468e5756717 | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < a47d9d9895bad9ce0e840a39836f19ca0b2a343a | affected |
| Linux | Linux | 4fa5a7f76cc7b6ac87f57741edd2b124851d119f < 4f15ee98304b96e164ff2340e1dfd6181c3f42aa | affected |
| Linux | Linux | 3.15 | affected |
| Linux | Linux | 0 < 3.15 | unaffected |
| Linux | Linux | 5.4.297 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.241 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.190 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.147 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.100 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.40 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.8 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
References
- https://git.kernel.org/stable/c/7228e36c7875e4b035374cf68ca5e44dffa596b2
- https://git.kernel.org/stable/c/9f2892f7233a8f1320fe671d0f95f122191bfbcd
- https://git.kernel.org/stable/c/7fa83d0043370003e9a0b46ab7ae8f53b00fab06
- https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2
- https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1
- https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717
- https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a
- https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.