{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38103", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.985Z", "datePublished": "2025-07-03T08:35:13.941Z", "dateUpdated": "2025-11-03T17:34:07.793Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:12:18.213Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-hyperv.c", "drivers/hid/usbhid/hid-core.c", "drivers/usb/gadget/function/f_hid.c", "include/linux/hid.h"], "versions": [{"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "41827a2dbdd7880df9881506dee13bc88d4230bb", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "1df80d748f984290c895e843401824215dcfbfb0", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "a8f842534807985d3a676006d140541b87044345", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "4fa7831cf0ac71a0a345369d1a6084f2b096e55e", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "74388368927e9c52a69524af5bbd6c55eb4690de", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf", "status": "affected", "versionType": "git"}, {"version": "f043bfc98c193c284e2cd768fefabe18ac2fed9b", "lessThan": "fe7f7ac8e0c708446ff017453add769ffc15deed", "status": "affected", "versionType": "git"}, {"version": "99de0781e0de7c866f762b931351c2a501c3074f", "status": "affected", "versionType": "git"}, {"version": "8d675aa967d3927ac100f7af48f2a2af8a041d2d", "status": "affected", "versionType": "git"}, {"version": "f4cf5d75416ae3d79e03179fe6f4b9f1231ae42c", "status": "affected", "versionType": "git"}, {"version": "439f76690d7d5dd212ea7bebc1f2fa077e3d645d", "status": "affected", "versionType": "git"}, {"version": "2929cb995378205bceda86d6fd3cbc22e522f97f", "status": "affected", "versionType": "git"}, {"version": "57265cddde308292af881ce634a5378dd4e25900", "status": "affected", "versionType": "git"}, {"version": "984154e7eef1f9e543dabd7422cfc99015778732", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-hyperv.c", "drivers/hid/usbhid/hid-core.c", "drivers/usb/gadget/function/f_hid.c", "include/linux/hid.h"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.295", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.239", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.186", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.142", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.94", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.34", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.4.295"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.239"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.186"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.6.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.12.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.15.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.57"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b"}, {"url": "https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb"}, {"url": "https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0"}, {"url": "https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345"}, {"url": "https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e"}, {"url": "https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de"}, {"url": "https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf"}, {"url": "https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed"}], "title": "HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:34:07.793Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0791B33-98B2-4081-91D6-F6E6C6342088", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.95", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "04CF39E5-B417-4D51-8790-B5A3C24CF085", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E54BCAA-9070-43EA-878A-AD7954A7DE75", "versionEndExcluding": "3.19", "versionStartIncluding": "3.18.76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD7B43DB-D99B-4203-84D2-00416A5FC499", "versionEndExcluding": "4.2", "versionStartIncluding": "4.1.46", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC8F42DF-3C08-4280-8E68-34B675046381", "versionEndExcluding": "4.5", "versionStartIncluding": "4.4.93", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F61411-B56B-4304-AD1B-786D158E0C1D", "versionEndExcluding": "4.10", "versionStartIncluding": "4.9.57", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9472F170-B32F-4577-B190-908559FBB22D", "versionEndExcluding": "4.14", "versionStartIncluding": "4.13.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A426522-3B63-4E88-9E43-95315B102A8A", "versionEndExcluding": "5.4.295", "versionStartIncluding": "4.14.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3D14F4C-A21E-465D-A928-5CCE684E2B98", "versionEndExcluding": "5.10.239", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D96F2C0D-0D4A-4658-AD34-D8A626EA422D", "versionEndExcluding": "5.15.186", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "304E3F01-7D7A-4908-994E-7F95C5C00B06", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*", "matchCriteriaId": "7875AA30-1F6F-470C-A52D-ECBD6663CEC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:rc5:*:*:*:*:*:*", "matchCriteriaId": "4C9B8FA6-754F-42F5-98BC-410AF7DB9F4C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:rc6:*:*:*:*:*:*", "matchCriteriaId": "EC8F8565-B401-4F3C-B423-51F371DCB908", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:rc7:*:*:*:*:*:*", "matchCriteriaId": "C834B5F2-810F-4291-8E1F-1B32635E08F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:rc8:*:*:*:*:*:*", "matchCriteriaId": "BB4A96BC-72CC-4EF1-916C-9ED7177C196E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: Elimina el error recurrente fuera de los l\u00edmites en usbhid_parse() Actualiza la estructura hid_descriptor para reflejar mejor las partes obligatorias y opcionales del descriptor HID seg\u00fan la especificaci\u00f3n USB HID 1.11. Nota: el kernel actualmente no analiza ning\u00fan descriptor de clase HID opcional, solo el descriptor de informe obligatorio. Actualiza todas las referencias al elemento miembro desc[0] a rpt_desc. Agrega una prueba para verificar que los valores de bLength y bNumDescriptors sean v\u00e1lidos. Reemplaza el bucle for con acceso directo al miembro descriptor de clase HID obligatorio para el descriptor de informe. Esto elimina la posibilidad de obtener un fallo fuera de los l\u00edmites. Agrega un mensaje de advertencia si el descriptor HID contiene alg\u00fan descriptor de clase HID opcional no compatible."}], "id": "CVE-2025-38103", "lastModified": "2025-12-16T17:03:25.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-07-03T09:15:23.847", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()", "id": "2376100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376100"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\nUpdate all references to member element desc[0] to rpt_desc.\nAdd test to verify bLength and bNumDescriptors values are valid.\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors."], "name": "CVE-2025-38103", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38103\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38103\nhttps://lore.kernel.org/linux-cve-announce/2025070322-CVE-2025-38103-dd1b@gregkh/T"], "threat_severity": "Moderate"}