SB2025062013 - NULL pointer dereference in Linux kernel hid driver
Published: June 20, 2025 Updated: June 21, 2025
Security Bulletin ID
SB2025062013
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-49984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the steam_recv_report() and steam_send_report() functions in drivers/hid/hid-steam.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d
- https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c
- https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126
- https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae
- https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec
- https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.212