Buffer Overflow in Linux Kernel due to Insufficient Report Buffer Allocation
CVE-2025-38495
Currently unrated
What is CVE-2025-38495?
A vulnerability exists in the Linux kernel's HID subsystem: the report buffer it allocates is not sized to accommodate the reserved report ID. When the report ID is not in use, low-level transport drivers expect the first byte of the buffer to be 0. The allocation does not account for this extra byte, so the report buffer guarantees only 7 bytes of usable space instead of the necessary 8 bytes. Drivers that rely on the correct buffer allocation can behave unexpectedly as a result.
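The size accounting described above, as a userspace model added here for illustration; it is not code from the kernel or from this advisory. The function names, the 7-byte tail padding and the single 8-byte chunk write are assumptions chosen to match the 7-versus-8 figure in the description.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 8            /* the "necessary 8 bytes" in the description */
#define SLACK (CHUNK - 1)  /* assumed tail padding added by the allocator */

/* Report length seen by the allocator: the ID byte counts only when used. */
static size_t report_len(size_t data_len, unsigned id)
{
    return data_len + (id != 0);
}

/* Sizing as described for the affected code: no byte for the reserved ID. */
static size_t alloc_affected(size_t data_len, unsigned id)
{
    return report_len(data_len, id) + SLACK;
}

/* Sizing that also reserves byte 0 when the report ID is not in use. */
static size_t alloc_corrected(size_t data_len, unsigned id)
{
    return report_len(data_len, id) + SLACK + (id == 0);
}

/* Data starts at offset 1 in both cases, so the last data byte sits at
 * offset data_len; this is the space from there to the end of the buffer. */
static size_t room_at_last_byte(size_t buf_len, size_t data_len)
{
    return buf_len - data_len;
}

/* Bounds-checked build: byte 0 holds the ID (0 if unused), then one CHUNK
 * write lands on the last data byte. Returns 0, or -1 if it would not fit. */
static int build_report(size_t buf_len, size_t data_len, unsigned id)
{
    unsigned char *buf = (data_len && buf_len >= data_len) ? calloc(1, buf_len) : NULL;
    int rc = -1;
    if (!buf)
        return -1;
    buf[0] = (unsigned char)id;
    if (room_at_last_byte(buf_len, data_len) >= CHUNK) {
        memset(buf + data_len, 0xAB, CHUNK);  /* stays inside the allocation */
        rc = 0;
    }
    free(buf);
    return rc;
}
```

In this model a report that carries a real ID already has its first byte counted in the report length, so only the unused-ID case comes up one byte short.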
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2