CVE-2025-38556

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
19/08/2025
Last modified:
19/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Harden s32ton() against conversion to 0 bits

Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that.

Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.
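The conversion the advisory describes, as an added example that is not the kernel's source: an unhardened s32ton()-style routine beside the hardened one that returns 0 for a 0-bit field instead of shifting. The function names s32ton_unhardened and s32ton_hardened are assumptions, and the saturating behaviour is modelled on the HID core routine rather than copied from it.

```c
#include <stdint.h>
#include <limits.h>

/* Pre-fix shape of the conversion (modelled, not the kernel's text): it trusts
 * that n is at least 1. When a malformed report descriptor yields a field with
 * n == 0, the shift count (n - 1) wraps to UINT_MAX and the shift is undefined
 * behaviour, which is the shift-out-of-bounds UBSAN reported under syzbot.
 * Kept only for contrast; precondition here is 1 <= n <= 31, and a right shift
 * of a negative value is assumed to be arithmetic (gcc/clang behaviour). */
uint32_t s32ton_unhardened(int32_t value, unsigned n)
{
    int32_t a = value >> (n - 1);
    if (a && a != -1)            /* value does not fit in n signed bits: clamp */
        return value < 0 ? 1u << (n - 1) : (1u << (n - 1)) - 1u;
    return (uint32_t)value & ((1u << n) - 1u);
}

/* Hardened variant: a 0-bit field cannot hold a value, so return 0 instead of
 * shifting, the same policy the advisory says snto32() already applies. The
 * clamp is computed in 64 bits so every n in 1..32 is well defined. */
uint32_t s32ton_hardened(int32_t value, unsigned n)
{
    if (n == 0)
        return 0;                /* the fix: no shift by (0 - 1) */
    if (n > 32)
        n = 32;
    int64_t max = (n == 32) ? INT32_MAX : ((int64_t)1 << (n - 1)) - 1;
    int64_t min = -max - 1;
    int64_t v = value;
    if (v > max) v = max;        /* clamp to the n-bit signed range */
    if (v < min) v = min;
    uint32_t mask = (n == 32) ? 0xFFFFFFFFu : (1u << n) - 1u;
    return (uint32_t)v & mask;   /* two's-complement bits of the n-bit field */
}
```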

Vulnerable products and versions

CPE                                            From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   2.6.20 (including)   6.12.46 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.13 (including)     6.15.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.16 (including)     6.16.1 (excluding)