CVE-2026-23382

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system.

Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < b48284d7f0f76023b215a3409cdc989b5081eadfaffected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < de316c1edf15bc30ff5e0d4c7b37c70fd41cf319affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < ac83b0d91a3f4f0c012ba9c85fb99436cddb1208affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < 6e330889e6c8db99f04d4feb861d23de4e8fbb13affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < 892dbaf46bb738dacf1fa663eadb3712c85868f0affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < 20864e3e41c74cda253a9fa6b6fe093c1461a6a9affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < 575122cd6569c4c4aa13c4c9958fea506724c788affected
LinuxLinuxd0742abaa1c396a26bb3d3ce2732988cd3faa020 < ecfa6f34492c493a9a1dc2900f3edeb01c79946baffected
LinuxLinux2.6.35affected
LinuxLinux0 < 2.6.35unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.77 <= 6.12.*unaffected
LinuxLinux6.18.17 <= 6.18.*unaffected
LinuxLinux6.19.7 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References