Linux Kernel Vulnerability in HID Ntrig Device
CVE-2025-39808

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-39808?

A vulnerability in the Linux kernel's HID Ntrig driver allows for a null pointer dereference in the ntrig_report_version() function. If the hdev parameter passed from hid_probe() leads to a null parent device, it can result in an invalid USB device address being used. This can trigger a page fault when interacting with the affected devices, potentially compromising system stability. A fix has been implemented by adding null check logic to handle this scenario safely.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 22ddb5eca4af5e69dffe2b54551d2487424448f1

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 019c34ca11372de891c06644846eb41fca7c890c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4338b0f6544c3ff042bfbaf40bc9afe531fb08c7

References

https://git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b545...

https://git.kernel.org/stable/c/019c34ca11372de891c066448...

https://git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025