Linux Kernel HID Report Buffer Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Human Interface Device (HID) management has been addressed. The issue arose because the allocated report buffer did not account for the byte reserved for the report ID. When the report ID is unused, low-level transport drivers expect the first byte to be zero. As a result, the buffer guaranteed only seven bytes for the implementation instead of the required eight.
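The off-by-one described above, as a simplified userspace model added here (not the kernel's code). The function names, the 8-byte store window and the 64-bit sample report are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WINDOW 8u /* assumption: the field writer stores 8 bytes at a time */

/* Report length on the wire: payload bytes, plus one byte if an ID is used. */
static size_t report_len(unsigned bits, uint8_t id)
{
    return (bits + 7u) / 8u + (id > 0);
}

/* Allocation that ignores the reserved ID byte (the behaviour described). */
static size_t alloc_len_short(unsigned bits, uint8_t id)
{
    return report_len(bits, id) + (WINDOW - 1);
}

/* Allocation that also reserves byte 0 when the report ID is unused. */
static size_t alloc_len_reserved(unsigned bits, uint8_t id)
{
    return report_len(bits, id) + (WINDOW - 1) + (id == 0);
}

/*
 * Lay the buffer out as the transport expects (byte 0 = report ID, or 0 when
 * unused) and return how many bytes remain at the last payload byte.
 * The store is clamped to that room, so the model itself never overruns.
 */
static int window_room(size_t alloc_len, unsigned bits, uint8_t id)
{
    size_t last = (bits + 7u) / 8u; /* payload starts at offset 1 */
    uint8_t *buf = calloc(1, alloc_len);
    if (!buf || last >= alloc_len) { free(buf); return -1; }
    buf[0] = id;
    size_t room = alloc_len - last;
    memset(buf + last, 0xff, room < WINDOW ? room : WINDOW);
    free(buf);
    return (int)room;
}

int main(void)
{
    unsigned bits = 64; /* constructed sample: 8-byte report payload */
    printf("id=0 short:    %d\n", window_room(alloc_len_short(bits, 0), bits, 0));
    printf("id=0 reserved: %d\n", window_room(alloc_len_reserved(bits, 0), bits, 0));
    printf("id=3 short:    %d\n", window_room(alloc_len_short(bits, 3), bits, 3));
    return 0;
}
```

Only the unused-ID case comes up one byte short, because the zero byte in position 0 shifts the payload without being counted in the allocation.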

Impact

The vulnerability could lead to improper handling of HID report data, potentially causing issues in how devices are managed or interacted with at a low level.

Added: Jul 28, 2025, 12:26 PM
Updated: Jul 28, 2025, 12:26 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.