PT-2025-33755 · Linux+9 · Linux Kernel+9

Syzbot · Published 2025-07-23 · Updated 2026-05-07 · CVE-2025-38556

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The HID core is susceptible to a shift-out-of-bounds exception when converting a 32-bit quantity to a 0-bit quantity. This can occur due to buggy devices reporting a report field with a size set to zero. The s32ton() routine has been hardened to return a reasonable result instead of crashing when called with the number of bits set to 0, mirroring the behavior of snto32().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025:16372
ALSA-2025:17760
ALSA-2025:17776
AZL-66491
AZL-70460
BDU:2025-10722
CESA-2025_16372
CVE-2025-38556
DSA-6008-1
ECHO-B0CF-06CF-F90C
INFSA-2025_16372
INFSA-2025_17760
OESA-2026-1341
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2025:20081-1
RHSA-2025:17760
RHSA-2025:17776
RHSA-2025:19104
RHSA-2025:19222
RHSA-2025:19223
RHSA-2025:19224
RHSA-2025_16372
RHSA-2025_17760
SUSE-SU-2025:03204-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
SUSE-SU-2025_03204-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu