SB2025072952 - Incorrect calculation in Linux kernel hid driver
Published: July 29, 2025
Security Bulletin ID
SB2025072952
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2025-38495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa
- https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717
- https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a
- https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2
- https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1