CVE-2025-38494

July 29, 2025, 2:14 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81
https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0
https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f
https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b
https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-07-28
CVE-2025-38494

Timeline

Published: July 28, 2025, 12:15 p.m.
Last Modified: July 29, 2025, 2:14 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.