From: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
To: Siddh Raman Pant <siddh.raman.pant@oracle.com>
Cc: "cve@kernel.org" <cve@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID
Date: Tue, 30 Sep 2025 12:49:44 +0200 [thread overview]
Message-ID: <2025093000-shrank-vending-2bd1@gregkh> (raw)
In-Reply-To: <90bbbd1083635d251b04fd03ec81a4e7e4720bc2.camel@oracle.com>
On Tue, Sep 30, 2025 at 10:42:31AM +0000, Siddh Raman Pant wrote:
> On Mon, 28 Jul 2025 13:22:37 +0200, Greg Kroah-Hartman wrote:
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > HID: core: ensure the allocated report buffer can contain the reserved report ID
> >
> > When the report ID is not used, the low level transport drivers expect
> > the first byte to be 0. However, currently the allocated buffer not
> > account for that extra byte, meaning that instead of having 8 guaranteed
> > bytes for implement to be working, we only have 7.
> >
> > The Linux kernel CVE team has assigned CVE-2025-38495 to this issue.
>
> This commit prepares for the next commit in the patch series. See
> https://lore.kernel.org/all/20250710-report-size-null-v2-0-ccf922b7c4e5@kernel.org/
>
> The patch series has 3 commits, with the main fix being the middle
> commit "HID: core: ensure __hid_request reserves the report ID as the
> first byte".
>
> Unfortunately, the 1st and 3rd commit has CVE numbers assigned to them
> but not the actual fix.
>
> Please assign CVE number to the middle commit.
What git id is that?
And this commit on its own fixes a problem, so it should be a separate
CVE, right?
> Segue: Can we not have same CVE number for a patch series fixing a
> vuln?
We can, but generally it's just one-fix-per-cve.
thanks,
greg k-h
next prev parent reply other threads:[~2025-09-30 10:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-28 11:22 CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID Greg Kroah-Hartman
2025-09-30 10:42 ` Siddh Raman Pant
2025-09-30 10:49 ` gregkh [this message]
2025-09-30 10:54 ` Siddh Raman Pant
2025-09-30 10:59 ` gregkh
2025-09-30 11:09 ` Siddh Raman Pant
2025-09-30 11:22 ` gregkh
2025-09-30 11:32 ` Siddh Raman Pant
2025-09-30 11:41 ` gregkh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025093000-shrank-vending-2bd1@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=siddh.raman.pant@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.