CVE-2025-37862
- Source
- https://cve.org/CVERecord?id=CVE-2025-37862
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37862.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37862
- Downstream
- Related
- Published
- 2025-05-09T06:42:07.941Z
- Modified
- 2026-03-11T07:45:00.115341Z
- Summary
- HID: pidff: Fix null pointer dereference in pidff_find_fields
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
HID: pidff: Fix null pointer dereference in pidfffindfields
This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike.
The same logic was applied to pidfffindspecialfield and although pidffinit_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again.
LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37862.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5
- https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56b
- https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38
- https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541d
- https://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7
- https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829b
- https://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102
- https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044b
- https://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37862.json
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-37862
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced224ee88fe39564358ec99b46bf3ee6e6999ae17dFixed44a1b8b2027afbb37e418993fb23561bdb9efb38Fixedd230becb9d38b7325c5c38d051693e4c26b1829bFixed6b4449e4f03326fbd2136e67bfcc1e6ffe61541dFixedddb147885225d768025f6818df533d30edf3e102Fixedbe706a48bb7896d4130edc82811233d1d62158e7Fixedf8f4d77710e1c38f4a2bd26c88c4878b5b5e817aFixed3a507184f9307e19cb441b897c49e7843c94e56bFixede368698da79af821f18c099520deab1219c2044bFixed22a05462c3d0eee15154faf8d13c49e6295270a5