Linux Kernel HID Core Vulnerability in hid_hw_raw_request Function

Vulnerability

A vulnerability has been addressed in the Linux kernel's HID core, specifically related to the hid_hw_raw_request function. The issue arose because the function was called directly in a low-level transport driver, bypassing important checks on the validity of the buffer and length. This omission allowed invalid parameters to be used, potentially leading to undesirable behavior or exploitation.

Impact

By bypassing parameter validation, the vulnerability could allow for the use of invalid data in the HID request process, which might be exploited to cause unexpected behavior or errors in the system.

Added: Jul 28, 2025, 12:28 PM

Updated: Jul 28, 2025, 12:28 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel HID Core Vulnerability in hid_hw_raw_request Function

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating