CVE-2025-38495
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-28
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-07-28
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38495
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's HID core relates to the allocation of the report buffer. When the report ID is not used, low level transport drivers expect the first byte of the buffer to be 0. However, the allocated buffer does not account for this extra byte, resulting in only 7 guaranteed bytes instead of the expected 8. This can cause issues in how the buffer is handled.


How can this vulnerability impact me? :

The vulnerability can impact the correct functioning of HID devices by providing a smaller buffer than expected, potentially leading to incorrect data handling or communication errors between the device and the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart