CVE-2025-38494
Published: July 29, 2025Last modified: July 29, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.147-r0) |
| Stream | linux-lts | Fixed (6.6.100-r0) |
References
- https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81
- https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0
- https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f
- https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b
- https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5