CVE-2025-38103
Published: Jul 3, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()

Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification.

Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor.

Update all references to member element desc[0] to rpt_desc.

Add test to verify bLength and bNumDescriptors values are valid.

Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault.

Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected f043bfc98c193c284e2cd768fefabe18ac2fed9b - < 7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b; affected f043bfc98c193c284e2cd768fefabe18ac2fed9b - < 41827a2dbdd7880df9881506dee13bc88d4230bb; affected f043bfc98c193c284e2cd768fefabe18ac2fed9b - < 1df80d748f984290c895e843401824215dcfbfb0; affected f043bfc98c193c284e2cd768fefabe18ac2fed9b - < a8f842534807985d3a676006d140541b87044345; affected f043bfc98c193c284e2cd768fefabe18ac2fed9b - < 4fa7831cf0ac71a0a345369d1a6084f2b096e55e; +17 more versions |
| Linux | Linux | affected 4.14; unaffected 0 - < 4.14; unaffected 5.4.295 - <= 5.4.*; unaffected 5.10.239 - <= 5.10.*; unaffected 5.15.186 - <= 5.15.*; +5 more versions |
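
The bLength / bNumDescriptors validation and the direct access to the mandatory report entry that the description mentions, sketched as a user-space C parser for a raw HID descriptor. This is an added example, not the kernel patch: the function names, the exact length equation and the sample byte arrays are assumptions constructed here from the USB HID 1.11 layout (a 6-byte header followed by 3-byte class descriptor entries).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HID_DT_HID     0x21 /* HID descriptor type, USB HID 1.11 */
#define HID_DT_REPORT  0x22 /* report descriptor type */
#define HID_HDR_SIZE   6u   /* bLength .. bNumDescriptors */
#define HID_CLASS_SIZE 3u   /* bDescriptorType + wDescriptorLength */

/* Constructed samples, not captured from real devices. */
static const uint8_t ok_desc[]   = {9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3f, 0x00};
static const uint8_t opt_desc[]  = {12, 0x21, 0x11, 0x01, 0, 2, 0x22, 0x3f, 0x00,
                                    0x23, 0x10, 0x00}; /* one optional entry */
static const uint8_t zero_desc[] = {9, 0x21, 0x11, 0x01, 0, 0, 0x22, 0x3f, 0x00};
static const uint8_t lie_desc[]  = {9, 0x21, 0x11, 0x01, 0, 4, 0x22, 0x3f, 0x00};

/* Report descriptor length from a raw HID descriptor, or -1 if malformed. */
int hid_report_len(const uint8_t *buf, size_t len)
{
    if (!buf || len < HID_HDR_SIZE + HID_CLASS_SIZE || buf[1] != HID_DT_HID)
        return -1;
    unsigned blength = buf[0], num = buf[5];
    /* bNumDescriptors must include the mandatory entry, and bLength
     * must be exactly the size that count implies. */
    if (num == 0 || blength != HID_HDR_SIZE + num * HID_CLASS_SIZE)
        return -1;
    if (blength > len) /* device claims more bytes than were received */
        return -1;
    /* The mandatory report entry sits at a fixed offset: no loop over
     * a device-controlled count, so nothing is indexed past the buffer. */
    if (buf[6] != HID_DT_REPORT)
        return -1;
    return buf[7] | (buf[8] << 8); /* wDescriptorLength, little-endian */
}

/* Optional class descriptors present (warn if > 0), or -1 if malformed. */
int hid_optional_count(const uint8_t *buf, size_t len)
{
    return hid_report_len(buf, len) < 0 ? -1 : buf[5] - 1;
}

int main(void)
{
    printf("ok=%d opt=%d (optional=%d)\n", hid_report_len(ok_desc, sizeof ok_desc),
           hid_report_len(opt_desc, sizeof opt_desc),
           hid_optional_count(opt_desc, sizeof opt_desc));
    printf("zero=%d lie=%d\n", hid_report_len(zero_desc, sizeof zero_desc),
           hid_report_len(lie_desc, sizeof lie_desc));
    return 0;
}
```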