CVE-2025-21992

HID: ignore non-functional sensor in HP 5MP Camera

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that
is not actually implemented. Attempting to access this non-functional
sensor via iio_info causes system hangs as runtime PM tries to wake up
an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff Add this device to the HID ignore list since the sensor interface is
non-functional by design and should not be exposed to userspace.

In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff Add this device to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-04-02 CVE Published
2025-11-03 CVE Updated
2025-11-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9af297aea8f76a0ad21f2de5f2cd6401a748b9c3	2025-04-10
https://git.kernel.org/stable/c/b6c6c2d8ab4932e5d6d439f514276cb3d257b8fe	2025-04-10
https://git.kernel.org/stable/c/007a849126ef7907761af6a1379400558a72e703	2025-04-10
https://git.kernel.org/stable/c/9acdb0059fb6b82158e15adae91e629cb5974564	2025-03-28
https://git.kernel.org/stable/c/7a7ada33879a631b05b536e66d1c5b1219d3bade	2025-03-22
https://git.kernel.org/stable/c/6ca3d4d87af406a390a34ea924ab65c517e6e132	2025-03-22
https://git.kernel.org/stable/c/920ea73215dbf948b661b88a79cb47b7f96adfbd	2025-03-22
https://git.kernel.org/stable/c/363236d709e75610b628c2a4337ccbe42e454b6d	2025-02-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.292 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.236 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.236"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.180 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.180"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.132 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.84 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.20 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14"		en		Affected