{"id":"CVE-2025-38494","summary":"HID: core: do not bypass hid_hw_raw_request","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.","modified":"2026-04-16T04:39:12.261648377Z","published":"2025-07-28T11:22:03.180Z","related":["SUSE-SU-2025:02820-1","SUSE-SU-2025:02821-1","SUSE-SU-2025:02823-1","SUSE-SU-2025:02827-1","SUSE-SU-2025:02830-1","SUSE-SU-2025:02832-1","SUSE-SU-2025:02833-1","SUSE-SU-2025:02834-1","SUSE-SU-2025:02846-1","SUSE-SU-2025:02848-1","SUSE-SU-2025:02849-1","SUSE-SU-2025:02850-1","SUSE-SU-2025:02851-1","SUSE-SU-2025:02852-1","SUSE-SU-2025:02853-1","SUSE-SU-2025:02854-1","SUSE-SU-2025:02857-1","SUSE-SU-2025:02858-1","SUSE-SU-2025:02859-1","SUSE-SU-2025:02860-1","SUSE-SU-2025:02871-1","SUSE-SU-2025:02873-1","SUSE-SU-2025:02875-1","SUSE-SU-2025:02876-1","SUSE-SU-2025:02878-1","SUSE-SU-2025:02883-1","SUSE-SU-2025:02884-1","SUSE-SU-2025:02894-1","SUSE-SU-2025:02897-1","SUSE-SU-2025:02902-1","SUSE-SU-2025:02908-1","SUSE-SU-2025:02909-1","SUSE-SU-2025:02911-1","SUSE-SU-2025:02917-1","SUSE-SU-2025:02918-1","SUSE-SU-2025:02922-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02926-1","SUSE-SU-2025:02930-1","SUSE-SU-2025:02932-1","SUSE-SU-2025:02933-1","SUSE-SU-2025:02934-1","SUSE-SU-2025:02936-1","SUSE-SU-2025:02937-1","SUSE-SU-2025:02938-1","SUSE-SU-2025:02942-1","SUSE-SU-2025:02943-1","SUSE-SU-2025:02944-1","SUSE-SU-2025:02945-1","SUSE-SU-2025:02955-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:03344-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:20633-1","SUSE-SU-2025:20634-1","SUSE-SU-2025:20635-1","SUSE-SU-2025:20636-1","SUSE-SU-2025:20637-1","SUSE-SU-2025:20638-1","SUSE-SU-2025:20639-1","SUSE-SU-2025:20640-1","SUSE-SU-2025:20641-1","SUSE-SU-2025:20642-1","SUSE-SU-2025:20643-1","SUSE-SU-2025:20644-1","SUSE-SU-2025:20645-1","SUSE-SU-2025:20646-1","SUSE-SU-2025:20647-1","SUSE-SU-2025:20648-1","SUSE-SU-2025:20676-1","SUSE-SU-2025:20677-1","SUSE-SU-2025:20678-1","SUSE-SU-2025:20679-1","SUSE-SU-2025:20680-1","SUSE-SU-2025:20681-1","SUSE-SU-2025:20682-1","SUSE-SU-2025:20684-1","SUSE-SU-2025:20685-1","SUSE-SU-2025:20686-1","SUSE-SU-2025:20687-1","SUSE-SU-2025:20688-1","SUSE-SU-2025:20689-1","SUSE-SU-2025:20690-1","SUSE-SU-2025:20713-1","SUSE-SU-2025:20781-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:4123-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38494.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81"},{"type":"WEB","url":"https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/40e25aa7e4e0f2440c73a683ee448e41c7c344ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd8e8314f2ce225dade5248dcfb9e2ac0edda624"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f10923b8d32a473b229477b63f23bbd72b1e9910"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38494.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38494"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4fa5a7f76cc7b6ac87f57741edd2b124851d119f"},{"fixed":"dd8e8314f2ce225dade5248dcfb9e2ac0edda624"},{"fixed":"40e25aa7e4e0f2440c73a683ee448e41c7c344ed"},{"fixed":"f10923b8d32a473b229477b63f23bbd72b1e9910"},{"fixed":"a62a895edb2bfebffa865b5129a66e3b4287f34f"},{"fixed":"0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81"},{"fixed":"d18f63e848840100dbc351a82e7042eac5a28cf5"},{"fixed":"19d1314d46c0d8a5c08ab53ddeb62280c77698c0"},{"fixed":"c2ca42f190b6714d6c481dfd3d9b62ea091c946b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38494.json"}}],"schema_version":"1.7.5"}