SB20250916386 - Input validation error in Linux kernel hid driver
Published: September 16, 2025
Security Bulletin ID
SB20250916386
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-39806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt_report_fixup() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4
- https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe
- https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d
- https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338
- https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a
- https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b