CVE-2025-37862
HID: pidff: Fix null pointer dereference in pidff_find_fields
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
09 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
HID: pidff: Fix null pointer dereference in pidff_find_fields
This function triggered a null pointer dereference if used to search for
a report that isn't implemented on the device. This happened both for
optional and required reports alike.
The same logic was applied to pidff_find_special_field and although
pidff_init_fields should return an error earlier if one of the required
reports is missing, future modifications could change this logic and
resurface this possible null pointer dereference again.
LKML bug report:
https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com
Produtos afetados
Linux · LinuxReferências
https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56bhttps://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541dhttps://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829bhttps://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044bhttps://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817ahttps://lists.debian.org/debian-lts-announce/2025/05/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2025/05/msg00045.html