SB2025070430 - Out-of-bounds read in Linux kernel hid driver
Published: July 4, 2025
Security Bulletin ID
SB2025070430
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0
- https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb
- https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf
- https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e
- https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de
- https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b
- https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345
- https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed