CVE-2026-23382
Published: March 26, 2026Last modified: April 9, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system. Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.167-r0) |
| 25 LTS | linux-lts | Fixed (6.12.80-r0) | |
| Stream | linux-lts | Fixed (6.12.80-r0) |
References
- https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9
- https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788
- https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13
- https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0
- https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208
- https://git.kernel.org/stable/c/b48284d7f0f76023b215a3409cdc989b5081eadf
- https://git.kernel.org/stable/c/de316c1edf15bc30ff5e0d4c7b37c70fd41cf319
- https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b