CVE-2025-38495 (GCVE-0-2025-38495)

Vulnerability from cvelistv5 – Published: 2025-07-28 11:22 – Updated: 2026-05-11 21:29
VLAI
Title
HID: core: ensure the allocated report buffer can contain the reserved report ID
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < 7228e36c7875e4b035374cf68ca5e44dffa596b2 (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < 9f2892f7233a8f1320fe671d0f95f122191bfbcd (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < 7fa83d0043370003e9a0b46ab7ae8f53b00fab06 (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < d3ed1d84a84538a39b3eb2055d6a97a936c108f2 (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < fcda39a9c5b834346088c14b1374336b079466c1 (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < a262370f385e53ff7470efdcdaf40468e5756717 (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < a47d9d9895bad9ce0e840a39836f19ca0b2a343a (git)
Affected: 4fa5a7f76cc7b6ac87f57741edd2b124851d119f , < 4f15ee98304b96e164ff2340e1dfd6181c3f42aa (git)
Create a notification for this product.
Linux Linux Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.147 , ≤ 6.1.* (semver)
Unaffected: 6.6.100 , ≤ 6.6.* (semver)
Unaffected: 6.12.40 , ≤ 6.12.* (semver)
Unaffected: 6.15.8 , ≤ 6.15.* (semver)
Unaffected: 6.16 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:39:03.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7228e36c7875e4b035374cf68ca5e44dffa596b2",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "9f2892f7233a8f1320fe671d0f95f122191bfbcd",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "7fa83d0043370003e9a0b46ab7ae8f53b00fab06",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "d3ed1d84a84538a39b3eb2055d6a97a936c108f2",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "fcda39a9c5b834346088c14b1374336b079466c1",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "a262370f385e53ff7470efdcdaf40468e5756717",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "a47d9d9895bad9ce0e840a39836f19ca0b2a343a",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            },
            {
              "lessThan": "4f15ee98304b96e164ff2340e1dfd6181c3f42aa",
              "status": "affected",
              "version": "4fa5a7f76cc7b6ac87f57741edd2b124851d119f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.147",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.147",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.100",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.40",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:29:07.389Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7228e36c7875e4b035374cf68ca5e44dffa596b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f2892f7233a8f1320fe671d0f95f122191bfbcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa83d0043370003e9a0b46ab7ae8f53b00fab06"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717"
        },
        {
          "url": "https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa"
        }
      ],
      "title": "HID: core: ensure the allocated report buffer can contain the reserved report ID",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38495",
    "datePublished": "2025-07-28T11:22:04.169Z",
    "dateReserved": "2025-04-16T04:51:24.022Z",
    "dateUpdated": "2026-05-11T21:29:07.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-38495",
      "date": "2026-05-28",
      "epss": "0.00021",
      "percentile": "0.06396"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38495\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-28T12:15:31.727\",\"lastModified\":\"2026-01-07T16:26:28.603\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: core: ensure the allocated report buffer can contain the reserved report ID\\n\\nWhen the report ID is not used, the low level transport drivers expect\\nthe first byte to be 0. However, currently the allocated buffer not\\naccount for that extra byte, meaning that instead of having 8 guaranteed\\nbytes for implement to be working, we only have 7.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: garantizar que el b\u00fafer de informe asignado pueda contener el ID de informe reservado. Cuando no se utiliza el ID de informe, los controladores de transporte de bajo nivel esperan que el primer byte sea 0. Sin embargo, actualmente el b\u00fafer asignado no tiene en cuenta ese byte adicional, lo que significa que en lugar de tener 8 bytes garantizados para que la implementaci\u00f3n funcione, solo tenemos 7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.15\",\"versionEndExcluding\":\"5.4.297\",\"matchCriteriaId\":\"6D7384E1-E9E8-41E0-AF24-1571E21AC42F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.241\",\"matchCriteriaId\":\"D0D21C35-EB8A-488A-BBF9-403E4817E5DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.190\",\"matchCriteriaId\":\"AD9E597F-3DDE-4D7E-976C-463D0611F13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.147\",\"matchCriteriaId\":\"A4FD62FC-0DAE-4ACE-8C9C-66156518C3E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.100\",\"matchCriteriaId\":\"094B81E0-B756-4727-85CA-F3F8D1C9D116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.40\",\"matchCriteriaId\":\"0099D5A4-B157-4D36-8858-982C7D579030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.15.8\",\"matchCriteriaId\":\"C7AFE5B0-F3B1-4D30-B8BF-EDA0385C4746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4894DB-CCFE-4602-B1BF-3960B2E19A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"09709862-E348-4378-8632-5A7813EDDC86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"415BF58A-8197-43F5-B3D7-D1D63057A26E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0517869-312D-4429-80C2-561086E1421C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"85421F4E-C863-4ABF-B4B4-E887CC2F7F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3827F0D4-5FEE-4181-B267-5A45E7CA11FC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7228e36c7875e4b035374cf68ca5e44dffa596b2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7fa83d0043370003e9a0b46ab7ae8f53b00fab06\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9f2892f7233a8f1320fe671d0f95f122191bfbcd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.