CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields
First published: Fri May 09 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again. LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38
- https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829b
- https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541d
- https://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102
- https://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7
- https://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a
- https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56b
- https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044b
- https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5
Frequently Asked Questions
What is the severity of CVE-2025-37862?
CVE-2025-37862 has been classified as a moderate severity vulnerability due to its potential for causing crashes in affected systems.
How do I fix CVE-2025-37862?
To fix CVE-2025-37862, update your Linux kernel to the latest version where this vulnerability has been addressed.
What are the consequences of not addressing CVE-2025-37862?
If CVE-2025-37862 is not addressed, it may lead to system instability due to null pointer dereferences when searching for unsupported reports.
Which versions of the Linux kernel are affected by CVE-2025-37862?
CVE-2025-37862 affects certain implementations of the Linux kernel where the pidff_find_fields function is used.
What components are involved in CVE-2025-37862?
CVE-2025-37862 primarily involves the Human Interface Device (HID) subsystem of the Linux kernel.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel