5.5

CVE-2025-37862

EPSS 0.01%
Veröffentlicht 09.05.2025 06:42:07
Zuletzt bearbeitet 12.11.2025 20:13:04
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

HID: pidff: Fix null pointer dereference in pidff_find_fields

This function triggered a null pointer dereference if used to search for
a report that isn't implemented on the device. This happened both for
optional and required reports alike.

The same logic was applied to pidff_find_special_field and although
pidff_init_fields should return an error earlier if one of the required
reports is missing, future modifications could change this logic and
resurface this possible null pointer dereference again.

LKML bug report:
https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.293

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.237

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.181

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.135

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.88

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.24

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.12

Linux ≫ Linux Kernel Version >= 6.14 < 6.14.3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/44a1b8b2027afbb37e418993fb23561bdb9efb38

Patch

https://git.kernel.org/stable/c/d230becb9d38b7325c5c38d051693e4c26b1829b

Patch

https://git.kernel.org/stable/c/6b4449e4f03326fbd2136e67bfcc1e6ffe61541d

Patch

https://git.kernel.org/stable/c/ddb147885225d768025f6818df533d30edf3e102

Patch

https://git.kernel.org/stable/c/be706a48bb7896d4130edc82811233d1d62158e7

Patch

https://git.kernel.org/stable/c/f8f4d77710e1c38f4a2bd26c88c4878b5b5e817a

Patch

https://git.kernel.org/stable/c/3a507184f9307e19cb441b897c49e7843c94e56b

Patch

https://git.kernel.org/stable/c/e368698da79af821f18c099520deab1219c2044b

Patch

https://git.kernel.org/stable/c/22a05462c3d0eee15154faf8d13c49e6295270a5

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37862

EUVD