PT-2025-31090 · Linux · Linux Kernel
Published: 2025-07-10 · Updated: 2026-05-26
CVE-2025-38494
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.1.147 (bookworm), 6.12.41 (trixie), and 5.10.244 (bullseye).
Linux kernel version 6.6.101
Description
The Linux kernel contains vulnerabilities that could lead to privilege escalation, denial of service, or information leaks. Specifically, a vulnerability exists in the HID subsystem where the hid_hw_raw_request() function lacked proper input validation, allowing an attacker to bypass buffer size checks and potentially leak up to 64 KB of kernel memory via USB. An exploit for this vulnerability is available. Multiple security updates have been released to address these issues across different distributions.
Recommendations
Upgrade the Linux kernel to version 6.1.147 or later for Debian bookworm.
Upgrade the Linux kernel to version 6.12.41 or later for Debian trixie.
Upgrade the Linux kernel to version 5.10.244 or later for Debian bullseye.
Upgrade to Linux kernel version 6.6.101.
Exploit
Fix
Buffer Overflow
Affected Products
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu