{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38556","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.025Z","datePublished":"2025-08-19T17:02:34.929Z","dateUpdated":"2026-05-11T21:30:22.814Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:30:22.814Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity.  Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn't reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-core.c"],"versions":[{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"6cdf6c708717c5c6897d0800a1793e83757c7491","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"eeeaba737919bdce9885e2a00ac2912f61a3684d","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"3c86548a20d7bc2861aa4de044991a327bebad1a","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"810189546cb6c8f36443ed091d91f1f5d2fc2ec7","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"d3b504146c111548ab60b6ef7aad00bfb1db05a2","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"8b4a94b1510f6a46ec48494b52ee8f67eb4fc836","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"865ad8469fa24de1559f247d9426ab01e5ce3a56","status":"affected","versionType":"git"},{"version":"dde5845a529ff753364a6d1aea61180946270bfa","lessThan":"a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-core.c"],"versions":[{"version":"2.6.20","status":"affected"},{"version":"0","lessThan":"2.6.20","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.119","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.46","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.6.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.12.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6cdf6c708717c5c6897d0800a1793e83757c7491"},{"url":"https://git.kernel.org/stable/c/eeeaba737919bdce9885e2a00ac2912f61a3684d"},{"url":"https://git.kernel.org/stable/c/3c86548a20d7bc2861aa4de044991a327bebad1a"},{"url":"https://git.kernel.org/stable/c/810189546cb6c8f36443ed091d91f1f5d2fc2ec7"},{"url":"https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2"},{"url":"https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836"},{"url":"https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56"},{"url":"https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd"}],"title":"HID: core: Harden s32ton() against conversion to 0 bits","x_generator":{"engine":"bippy-1.2.0"}}}}