AZL-73464

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73464.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73464

Upstream

CVE-2025-38495

Published

2025-07-28T12:15:31Z

Modified

2026-04-01T05:22:38.292146Z

Summary

CVE-2025-38495 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: core: ensure the allocated report buffer can contain the reserved report ID

When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38495

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73464.json"