CVE-2026-23382

In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system.

Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23382.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d0742abaa1c396a26bb3d3ce2732988cd3faa020

Fixed

ac83b0d91a3f4f0c012ba9c85fb99436cddb1208

Fixed

6e330889e6c8db99f04d4feb861d23de4e8fbb13

Fixed

892dbaf46bb738dacf1fa663eadb3712c85868f0

Fixed

20864e3e41c74cda253a9fa6b6fe093c1461a6a9

Fixed

575122cd6569c4c4aa13c4c9958fea506724c788

Fixed

ecfa6f34492c493a9a1dc2900f3edeb01c79946b

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23382.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.35

Fixed

6.1.167

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.130

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.77

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.17

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23382.json"