Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-38494

Опубликовано: 28 июл. 2025
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelOut of support scope
Red Hat Enterprise Linux 8kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernelOut of support scope
Red Hat Enterprise Linux 9kernel-rtOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-805
https://bugzilla.redhat.com/show_bug.cgi?id=2383905kernel: HID: core: do not bypass hid_hw_raw_request

EPSS

Процентиль: 0%
0.00006
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-38494

CVSS3: 7.8
ubuntu
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

nvd логотип

CVE-2025-38494

CVSS3: 7.8
nvd
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

msrc логотип

CVE-2025-38494

CVSS3: 7.8
msrc
7 месяцев назад

HID: core: do not bypass hid_hw_raw_request

debian логотип

CVE-2025-38494

CVSS3: 7.8
debian
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: H ...

github логотип

GHSA-9ww5-wgf4-8cfm

CVSS3: 7.8
github
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

EPSS

Процентиль: 0%
0.00006
Низкий

6.3 Medium

CVSS3