CVE-2025-38495 – Linux Kernel HID Buffer Undersized

CVE ID : CVE-2025-38495

Published : July 28, 2025, 12:15 p.m. | 1 hour, 5 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

HID: core: ensure the allocated report buffer can contain the reserved report ID

When the report ID is not used, the low level transport drivers expect
the first byte to be 0. However, currently the allocated buffer not
account for that extra byte, meaning that instead of having 8 guaranteed
bytes for implement to be working, we only have 7.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…