CVE-2025-38495

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.244-1 (Debian 11 bullseye) Linux kernel versions prior to 6.1.147-1 (Debian bookworm) Linux kernel versions prior to 6.12.41-1 (Debian trixie) Linux kernel versions prior to 6.1.153-1~deb11u1 (Debian 11 bullseye - 6.1 branch) Linux kernel version 6.6.101

Description The Linux kernel contains vulnerabilities that may lead to privilege escalation, denial of service, or information leaks. A vulnerability exists in the HID subsystem related to an undersized report buffer, potentially allowing for information leakage. An integer underflow bug in the HID subsystem may also be present. The vulnerabilities have been addressed in upstream kernel version 6.6.101 and subsequent Debian updates.

Recommendations Upgrade the Linux kernel to version 5.10.244-1 or later for Debian 11 bullseye. Upgrade the Linux kernel to version 6.1.147-1 or later for Debian bookworm. Upgrade the Linux kernel to version 6.12.41-1 or later for Debian trixie. Upgrade the Linux kernel to version 6.1.153-1~deb11u1 or later for Debian 11 bullseye (6.1 branch). Upgrade to kernel version 6.6.101 or later.