CVE-2025-37862

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37862

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37862.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-37862

Downstream

BELL-CVE-2025-37862

DEBIAN-CVE-2025-37862

DLA-4178-1

DLA-4193-1

ECHO-7048-4122-3756

OESA-2025-2077

OESA-2025-2078

OESA-2025-2079

SUSE-SU-2025:02249-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-37862

USN-7594-1

USN-7594-2

USN-7594-3

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Related

Published

2025-05-09T07:16:07Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: pidff: Fix null pointer dereference in pidfffindfields

This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike.

The same logic was applied to pidfffindspecialfield and although pidffinit_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again.

LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com

References

Affected packages