Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.
Product status
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before dd8e8314f2ce225dade5248dcfb9e2ac0edda624
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before 40e25aa7e4e0f2440c73a683ee448e41c7c344ed
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before f10923b8d32a473b229477b63f23bbd72b1e9910
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before a62a895edb2bfebffa865b5129a66e3b4287f34f
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before 0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before d18f63e848840100dbc351a82e7042eac5a28cf5
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before 19d1314d46c0d8a5c08ab53ddeb62280c77698c0
4fa5a7f76cc7b6ac87f57741edd2b124851d119f (git) before c2ca42f190b6714d6c481dfd3d9b62ea091c946b
3.15
Any version before 3.15
5.4.297 (semver)
5.10.241 (semver)
5.15.190 (semver)
6.1.147 (semver)
6.6.100 (semver)
6.12.40 (semver)
6.15.8 (semver)
6.16 (original_commit_for_fix)
References
lists.debian.org/debian-lts-announce/2025/10/msg00008.html
lists.debian.org/debian-lts-announce/2025/10/msg00007.html
git.kernel.org/...c/dd8e8314f2ce225dade5248dcfb9e2ac0edda624
git.kernel.org/...c/40e25aa7e4e0f2440c73a683ee448e41c7c344ed
git.kernel.org/...c/f10923b8d32a473b229477b63f23bbd72b1e9910
git.kernel.org/...c/a62a895edb2bfebffa865b5129a66e3b4287f34f
git.kernel.org/...c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81
git.kernel.org/...c/d18f63e848840100dbc351a82e7042eac5a28cf5
git.kernel.org/...c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0
git.kernel.org/...c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b