CVE-2025-21948

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A NULL pointer dereference issue was found in the Linux kernel, specifically in the input event() function. This issue occurs due to malformed report items sent by an emulated device, resulting in a report with no fields being added to the report list. As a consequence, the appleir input configured() function is never called, and the hidinput connect() function fails, leading to the HID CLAIMED INPUT flag not being set. However, this does not prevent the appleir probe() function from succeeding, allowing the event callback to be called without an associated input device. The issue was discovered by the Linux Verification Center using Syzkaller.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in the input event() function. As a temporary workaround, consider adding a check for the HID CLAIMED INPUT flag in the event callback and leave the event hook early if the driver didn't claim any input dev for some reason.