CVE-2025-38540

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38540.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38540
Downstream
Related
Published
2025-08-16T11:22:14.773Z
Modified
2026-03-12T02:17:06.894426Z
Summary
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras

The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor.

Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38540.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
83499b52c61f50292f0aae36499de8a8fc3e37c3
Fixed
35f1a5360ac68d9629abbb3930a0a07901cba296
Fixed
7ac00f019698f614a49cce34c198d0568ab0e1c2
Fixed
1b297ab6f38ca60a4ca7298b297944ec6043b2f4
Fixed
2b0931eee48208c25bb77486946dea8e96aa6a36
Fixed
3ce1d87d1f5d80322757aa917182deb7370963b9
Fixed
c72536350e82b53a1be0f3bfdf1511bba2827102
Fixed
a2a91abd19c574b598b1c69ad76ad9c7eedaf062
Fixed
54bae4c17c11688339eb73a04fd24203bb6e7494

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38540.json"