CVE-2025-38494

In the Linux kernel, the following vulnerability has been resolved:

HID: core: do not bypass hid_hw_raw_request

hid_hw_raw_request() is actually useful to ensure the provided buffer
and length are valid. Directly calling in the low level transport driver
function bypassed those checks and allowed invalid paramto be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie (security)
vulnerable
sid
vulnerable
trixie
vulnerable
References
https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81
https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0
https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f
https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b
https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5