CVE-2025-38495

July 29, 2025, 2:14 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa
https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717
https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a
https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2
https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-07-28
CVE-2025-38495

Timeline

Published: July 28, 2025, 12:15 p.m.
Last Modified: July 29, 2025, 2:14 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.