cve/2025/CVE-2025-38495.md

CVE-2025-38495

Description

In the Linux kernel, the following vulnerability has been resolved:HID: core: ensure the allocated report buffer can contain the reserved report IDWhen the report ID is not used, the low level transport drivers expectthe first byte to be 0. However, currently the allocated buffer notaccount for that extra byte, meaning that instead of having 8 guaranteedbytes for implement to be working, we only have 7.

POC

Reference

No PoCs from references.

Github

• https://github.com/w4zu/Debian_security
• https://github.com/xairy/kernel-exploits