CVE-2025-38495

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38495

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38495.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38495

Downstream

BELL-CVE-2025-38495

DEBIAN-CVE-2025-38495

DSA-5973-1

DSA-5975-1

ECHO-9365-ac32-8dc9

OESA-2025-2054

OESA-2025-2055

OESA-2025-2056

OESA-2025-2058

OESA-2025-2059

SUSE-SU-2025:02846-1

SUSE-SU-2025:02848-1

SUSE-SU-2025:02849-1

SUSE-SU-2025:02850-1

SUSE-SU-2025:02851-1

SUSE-SU-2025:02852-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02854-1

SUSE-SU-2025:02857-1

SUSE-SU-2025:02858-1

SUSE-SU-2025:02859-1

SUSE-SU-2025:02860-1

SUSE-SU-2025:02871-1

SUSE-SU-2025:02873-1

SUSE-SU-2025:02875-1

SUSE-SU-2025:02876-1

SUSE-SU-2025:02878-1

SUSE-SU-2025:02883-1

SUSE-SU-2025:02884-1

SUSE-SU-2025:02918-1

SUSE-SU-2025:02922-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02932-1

SUSE-SU-2025:02933-1

SUSE-SU-2025:02934-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38495

Related

Published

2025-07-28T12:15:31Z

Modified

2025-08-30T18:01:35Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: core: ensure the allocated report buffer can contain the reserved report ID

When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.

References

Affected packages