Buffer Validation Flaw in Linux Kernel's HID Component
CVE-2025-38494

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38494?

A buffer validation error exists in the Linux kernel's HID component, where the function hid_hw_raw_request() fails to validate the provided buffer and length parameters. This flaw allows low-level transport drivers to circumvent essential checks, leading to the potential use of invalid parameters. This vulnerability highlights the critical need for robust buffer validation to ensure that only safe and accurate data is processed in device communication, significantly impacting overall system integrity.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/a62a895edb2bfebffa865b512...

https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe...

https://git.kernel.org/stable/c/d18f63e848840100dbc351a82...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025