
CVE-2025-38556

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Harden s32ton() against conversion to 0 bits

Testing by the syzbot fuzzer showed that the HID core gets a
shift-out-of-bounds exception when it tries to convert a 32-bit
quantity to a 0-bit quantity.  Ideally this should never occur, but
there are buggy devices and some might have a report field with size
set to zero; we shouldn't reject the report or the device just because
of that.

Instead, harden the s32ton() routine so that it returns a reasonable
result instead of crashing when it is called with the number of bits
set to 0 -- the same as what snto32() does.
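
An added illustration (not the kernel source and not part of the advisory): a user-space C sketch of the zero-width guard the description calls for, applied to both conversion directions. The function names s32_to_nbits and nbits_to_s32 and the saturating behaviour are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sketch: store a signed 32-bit value in an n-bit
 * two's-complement field, saturating when it does not fit. */
uint32_t s32_to_nbits(int32_t value, unsigned int n)
{
    /* Guard: a 0-bit field holds nothing. Without it, (n - 1) below
     * wraps around and the shift count is out of range. */
    if (n == 0 || value == 0)
        return 0;
    if (n >= 32)
        return (uint32_t)value;          /* full width, nothing to cut */

    int32_t max = (int32_t)((UINT32_C(1) << (n - 1)) - 1);
    int32_t min = -max - 1;
    uint32_t mask = (UINT32_C(1) << n) - 1;

    if (value > max) value = max;        /* saturate instead of wrapping */
    if (value < min) value = min;
    return (uint32_t)value & mask;
}

/* Reverse direction: sign-extend an n-bit field, with the same guard. */
int32_t nbits_to_s32(uint32_t value, unsigned int n)
{
    if (n == 0 || value == 0)
        return 0;
    if (n >= 32)
        return (int32_t)value;

    uint32_t sign = UINT32_C(1) << (n - 1);
    value &= (sign << 1) - 1;            /* keep only the low n bits */
    return (int32_t)((value ^ sign) - sign);
}

int main(void)
{
    /* Constructed sample inputs: field sizes a report descriptor
     * might declare, including the malformed size 0. */
    unsigned int sizes[] = { 0, 1, 4, 8, 32 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%2u  -100 -> 0x%08x  back -> %d\n", sizes[i],
               (unsigned)s32_to_nbits(-100, sizes[i]),
               (int)nbits_to_s32(s32_to_nbits(-100, sizes[i]), sizes[i]));
    return 0;
}
```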

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version: dde5845a529ff753364a6d1aea61180946270bfa, < d3b504146c111548ab60b6ef7aad00bfb1db05a2; Status: affected
Version: dde5845a529ff753364a6d1aea61180946270bfa, < 8b4a94b1510f6a46ec48494b52ee8f67eb4fc836; Status: affected
Version: dde5845a529ff753364a6d1aea61180946270bfa, < 865ad8469fa24de1559f247d9426ab01e5ce3a56; Status: affected
Version: dde5845a529ff753364a6d1aea61180946270bfa, < a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd; Status: affected

Vendor: Linux
Product: Linux
Default status: affected
Version: 2.6.20; Status: affected
Version: 0, < 2.6.20; Status: unaffected
Version: 6.12.46, <= 6.12.*; Status: unaffected
Version: 6.15.10, <= 6.15.*; Status: unaffected
Version: 6.16.1, <= 6.16.*; Status: unaffected
Version: 6.17-rc1, <= *; Status: unaffected
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type    Source       Score    Percentile
EPSS    FIRST.org    0.04%    0.105

CVSS Metrics
Source    Base Score    Exploit Score    Impact Score    Vector String