PT-2025-33756 · Linux+5 · Linux Kernel+5

Published

2025-07-14

Updated

2026-03-23

CVE-2025-38557

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0 #31

Description: A flaw exists in the Linux kernel related to Human Interface Devices (HID) with the APPLE MAGIC BACKLIGHT quirk. A malicious HID device can trigger a NULL pointer dereference within the apple magic backlight report set() function when toggling the power feature-report. This occurs because the function expects two data fields in the power feature-report, but may encounter a descriptor declaring only one field, leading to an invalid memory access when attempting to dereference field[1]. The issue is triggered by a specific descriptor configuration where the report with ID 3 (power report) references only a single 1-byte field.

Recommendations: Update to Linux kernel version 6.15.0 #31 or later.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-10724

CVE-2025-38557

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2025-33756 · Linux+5 · Linux Kernel+5

CVE-2025-38557

Weakness Enumeration

Related Identifiers

Affected Products

References · 1490