{"id":"CVE-2025-37862","summary":"HID: pidff: Fix null pointer dereference in pidff_find_fields","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix null pointer dereference in pidff_find_fields\n\nThis function triggered a null pointer dereference if used to search for\na report that isn't implemented on the device. This happened both for\noptional and required reports alike.\n\nThe same logic was applied to pidff_find_special_field and although\npidff_init_fields should return an error earlier if one of the required\nreports is missing, future modifications could change this logic and\nresurface this possible null pointer dereference again.\n\nLKML bug report:\nhttps://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com","modified":"2026-04-02T12:47:34.125517Z","published":"2025-05-09T06:42:07.941Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37862.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37862.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37862"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"224ee88fe39564358ec99b46bf3ee6e6999ae17d"},{"fixed":"44a1b8b2027afbb37e418993fb23561bdb9efb38"},{"fixed":"d230becb9d38b7325c5c38d051693e4c26b1829b"},{"fixed":"6b4449e4f03326fbd2136e67bfcc1e6ffe61541d"},{"fixed":"ddb147885225d768025f6818df533d30edf3e102"},{"fixed":"be706a48bb7896d4130edc82811233d1d62158e7"},{"fixed":"f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a"},{"fixed":"3a507184f9307e19cb441b897c49e7843c94e56b"},{"fixed":"e368698da79af821f18c099520deab1219c2044b"},{"fixed":"22a05462c3d0eee15154faf8d13c49e6295270a5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37862.json"}}],"schema_version":"1.7.5"}