{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38103","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.985Z","datePublished":"2025-07-03T08:35:13.941Z","dateUpdated":"2026-05-23T15:58:59.055Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-23T15:58:59.055Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-hyperv.c","drivers/hid/usbhid/hid-core.c","drivers/usb/gadget/function/f_hid.c","include/linux/hid.h"],"versions":[{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"41827a2dbdd7880df9881506dee13bc88d4230bb","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"1df80d748f984290c895e843401824215dcfbfb0","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"a8f842534807985d3a676006d140541b87044345","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"4fa7831cf0ac71a0a345369d1a6084f2b096e55e","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"74388368927e9c52a69524af5bbd6c55eb4690de","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf","status":"affected","versionType":"git"},{"version":"f043bfc98c193c284e2cd768fefabe18ac2fed9b","lessThan":"fe7f7ac8e0c708446ff017453add769ffc15deed","status":"affected","versionType":"git"},{"version":"99de0781e0de7c866f762b931351c2a501c3074f","status":"affected","versionType":"git"},{"version":"8d675aa967d3927ac100f7af48f2a2af8a041d2d","status":"affected","versionType":"git"},{"version":"f4cf5d75416ae3d79e03179fe6f4b9f1231ae42c","status":"affected","versionType":"git"},{"version":"439f76690d7d5dd212ea7bebc1f2fa077e3d645d","status":"affected","versionType":"git"},{"version":"2929cb995378205bceda86d6fd3cbc22e522f97f","status":"affected","versionType":"git"},{"version":"57265cddde308292af881ce634a5378dd4e25900","status":"affected","versionType":"git"},{"version":"984154e7eef1f9e543dabd7422cfc99015778732","status":"affected","versionType":"git"},{"version":"3.2.95","lessThan":"3.3","status":"affected","versionType":"semver"},{"version":"3.16.50","lessThan":"3.17","status":"affected","versionType":"semver"},{"version":"3.18.76","lessThan":"3.19","status":"affected","versionType":"semver"},{"version":"4.1.46","lessThan":"4.2","status":"affected","versionType":"semver"},{"version":"4.4.93","lessThan":"4.5","status":"affected","versionType":"semver"},{"version":"4.9.57","lessThan":"4.10","status":"affected","versionType":"semver"},{"version":"4.13.8","lessThan":"4.14","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-hyperv.c","drivers/hid/usbhid/hid-core.c","drivers/usb/gadget/function/f_hid.c","include/linux/hid.h"],"versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","status":"unaffected","versionType":"semver"},{"version":"5.4.295","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.239","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.186","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.142","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.34","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.4.295"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.239"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.15.186"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.1.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.12.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.50"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.57"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b"},{"url":"https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb"},{"url":"https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0"},{"url":"https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345"},{"url":"https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e"},{"url":"https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de"},{"url":"https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf"},{"url":"https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed"}],"title":"HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:34:07.793Z"}}]}}