CVE-2025-37862

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37862
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37862.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37862
Downstream
Related
Published
2025-05-09T07:16:07Z
Modified
2025-08-09T19:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: pidff: Fix null pointer dereference in pidfffindfields

This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike.

The same logic was applied to pidfffindspecialfield and although pidffinit_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again.

LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com

References

Affected packages