CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In the Linux kernel, the following vulnerability has been resolved: HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them In commit 2ff5baa9b527 "HID: appleir: Fix potential NULL dereference at raw event handle", we handle the fact that raw event callbacks can happen even for a HID...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004054)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004054 advisory. In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka...

Security update for bluez

This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

EUVD-2019-1366

Malware in sbrugna...

USN-7790-1: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AMD CDX bus driver; - DP...

SUSE SLES15 Security Update : kernel (Live Patch 48 for SLE 15 SP3) (SUSE-SU-2025:02894-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02894-1 advisory. This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...

CVE-2025-38556

The Connected documents confirm CVE-2025-38556 affects the Linux kernel HID core, where the s32ton() conversion could crash when invoked with 0 bits. The fix HardenS32ton() so that it returns a reasonable result instead of faulting on 0-bit input, aligning behavior with snto32(). This CVE entry i...

PT-2025-33756

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0 31 Description: A flaw exists in the Linux kernel related to Human Interface Devices HID with the APPLE MAGIC BACKLIGHT quirk. A malicious HID device can trigger a NULL pointer dereference within the appl...

USN-7591-3 linux-intel-iot-realtime, linux-realtime vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...

USN-7402-1 linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - GPU drivers; - HID subsystem; - Media drivers; - JFS file system; - Network namespace; -...

kernel: HID: core: zero-initialize the report buffer

A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities...

kernel: HID: core: zero-initialize the report buffer

A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities...

PT-2025-2419 · Bluetooth · Bluetooth

Name of the Vulnerable Software and Affected Versions: Bluetooth affected versions not specified Description: The issue is caused by a logic error in the code that allows for the bypass of user consent to enable new Bluetooth Human Interface Devices HID. This could lead to a local escalation of...

kernel: memory leak in drivers/hid/hid-elo.c

A memory leak flaw was found in eloprobe in drivers/hid/hid-elo.c in the Human Interface Devices HID in the Linux kernel. This issue allows an attacker to cause a denial of service when hidparse in eloprobe fails...

kernel: memory leak in drivers/hid/hid-elo.c

A memory leak flaw was found in eloprobe in drivers/hid/hid-elo.c in the Human Interface Devices HID in the Linux kernel. This issue allows an attacker to cause a denial of service when hidparse in eloprobe fails...

PT-2022-1509 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Human Interface Devices component of the Windows operating system. It allows an attacker to elevate their privileges, potentiall...

CLSA-2021-1632261812 Fix of CVE: CVE-2020-25211, CVE-2020-25656, CVE-2019-19532, CVE-2020-29661

CKSIX-277: CVE-2020-29661: tty: Fix -pgrp locking in tiocspgrp - CKSIX-277: CVE-2020-25656: vt: keyboard, extend funcbuflock to readers - CKSIX-277: CVE-2020-25656: tty/vt: fix write/write race in ioctlKDSKBSENT handler - CKSIX-277: CVE-2020-25656: vt: keyboard, simplify vtkdgkbsent - CKSIX-277:...

kernel: possible out of bounds write in kbd_keycode of keyboard.c

A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system...

kernel: malicious USB devices can lead to multiple out-of-bounds write

An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address...

CVE-2020-0431

A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system. Mitigation Mitigation for this issue is either not available or the...