ROS-20260317-73-0027

A vulnerability in the hidhwrawrequest function of the Low Level Transport driver of the Linux kernel is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

HID: core: do not bypass hid_hw_raw_request

...

AZL-65913 CVE-2025-38494 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

AZL-75249 CVE-2025-38494 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

UBUNTU-CVE-2025-38494

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

CVE-2025-38494

CVE-2025-38494 (Linux kernel) : In the HID core, hid_hw_raw_request() checks were bypassed by a low-level transport path, allowing the use of invalid parameters. The vulnerability was resolved in the Linux kernel; advisories from Debian/Amazon/RHEL references confirm the fix. Impact is high (loca...