HID Sensor Interface Vulnerability in Chicony Electronics HP 5MP Cameras
CVE-2025-38540

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38540?

The Chicony Electronics HP 5MP Cameras have a vulnerability that affects their HID sensor interface, which is not correctly implemented. This results in an unintended consequence where attempts to access this non-functional sensor using iio_info can lead to system hangs. Consequently, runtime power management attempts to interact with an unresponsive sensor. To mitigate this issue, these specific models should be added to the HID ignore list, preventing unnecessary exposure to the userspace.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35f1a5360ac68d9629abbb3930a0a07901cba296

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7ac00f019698f614a49cce34c198d0568ab0e1c2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1b297ab6f38ca60a4ca7298b297944ec6043b2f4

References

https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb393...

https://git.kernel.org/stable/c/7ac00f019698f614a49cce34c...

https://git.kernel.org/stable/c/1b297ab6f38ca60a4ca7298b2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025