From: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
To: Siddh Raman Pant <siddh.raman.pant@oracle.com>
Cc: "cve@kernel.org" <cve@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID
Date: Tue, 30 Sep 2025 13:41:12 +0200
Message-ID: <2025093057-bogged-rasping-0deb@gregkh>
In-Reply-To: <c0d698cbcea6f46e6959ab1db07735cea76f3770.camel@oracle.com>

On Tue, Sep 30, 2025 at 11:32:25AM +0000, Siddh Raman Pant wrote:
> On Tue, Sep 30 2025 at 16:52:30 +0530, gregkh@linuxfoundation.org
> wrote:
> > Is the CVE referenced here in the Subject line, and the git id it
> > references not valid?
>
> It is valid.

Great!

> > Is there some other commit that also fixes a vulnerability
> > that should also be assigned to a new CVE?
>
> Yes: 0d0777ccaa2d46609d05b66ba0096802a2746193 which is immediately
> after the commit in title, and fixes the underflow reported by
> syzkaller (see [1] and the commit message for the tested-by), which is
> the main bug, for which there is also a public exploit (see [2]).
>
> [1] https://lore.kernel.org/all/686bb229.a00a0220.c7b3.0081.GAE@google.com/t/#u
>
> [2] https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494

That is assigned to, and stopped by commit c2ca42f190b6 ("HID: core: do
not bypass hid_hw_raw_request"), so that should be fine. And yes, you
do need to have commit 0d0777ccaa2d ("HID: core: ensure __hid_request
reserves the report ID as the first byte") applied in order to be able
to apply c2ca42f190b6 ("HID: core: do not bypass hid_hw_raw_request"),
but that's the case for MANY CVE ids that we call out, right?

Again, never cherry-pick :)

thanks,

greg k-h