CVE-2025-38494

HID: core: do not bypass hid_hw_raw_request

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer
and length are valid. Directly calling in the low level transport driver
function bypassed those checks and allowed invalid paramto be used.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: núcleo: no omitir hid_hw_raw_request. hid_hw_raw_request() es útil para garantizar la validez del búfer y la longitud proporcionados. Llamar directamente a la función del controlador de transporte de bajo nivel omitía estas comprobaciones y permitía el uso de parámetros no válidos.

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.41-1.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-28 CVE Published
2025-07-29 CVE Updated
2025-08-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f	2025-07-24
https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81	2025-07-24
https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5	2025-07-24
https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0	2025-07-24
https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b	2025-07-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.147 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.147"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.100 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.100"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.40 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.40"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.15.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.15.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.16 Search vendor "Linux" for product "Linux Kernel" and version " < 6.16"		en		Affected