CVE-2025-38494

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38494

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38494.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38494

Downstream

BELL-CVE-2025-38494

DEBIAN-CVE-2025-38494

DSA-5973-1

DSA-5975-1

ECHO-9a27-5aaa-6fcf

OESA-2025-2080

OESA-2025-2118

OESA-2025-2119

OESA-2025-2121

OESA-2025-2122

OESA-2025-2268

SUSE-SU-2025:02846-1

SUSE-SU-2025:02848-1

SUSE-SU-2025:02849-1

SUSE-SU-2025:02850-1

SUSE-SU-2025:02851-1

SUSE-SU-2025:02852-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02854-1

SUSE-SU-2025:02857-1

SUSE-SU-2025:02858-1

SUSE-SU-2025:02859-1

SUSE-SU-2025:02860-1

SUSE-SU-2025:02871-1

SUSE-SU-2025:02873-1

SUSE-SU-2025:02875-1

SUSE-SU-2025:02876-1

SUSE-SU-2025:02878-1

SUSE-SU-2025:02883-1

SUSE-SU-2025:02884-1

SUSE-SU-2025:02918-1

SUSE-SU-2025:02922-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02932-1

SUSE-SU-2025:02933-1

SUSE-SU-2025:02934-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38494

Related

Published

2025-07-28T12:15:31Z

Modified

2025-08-30T18:01:37Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: core: do not bypass hidhwraw_request

hidhwraw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

References

Affected packages