CVE-2025-38494
Published Jul 28, 2025
Last updated 2 months ago
AI description
CVE-2025-38494 is a vulnerability in the HID (Human Interface Devices) core of the Linux kernel. The `hid_hw_raw_request()` function, which validates the buffer and length of a request, was being bypassed. Calling the low-level transport driver function directly circumvented these checks, potentially allowing invalid parameters to be used.
- Description: In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request. hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid params to be used.
- Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status: Awaiting Analysis
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2025-53770 2 - CVE-2025-9132 3 - CVE-2025-38494 4 - CVE-2020-14883 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). https://t.co/4IvvqcVs4Q https://t.co/BDzfspHViO
@andreyknvl
11 Sept 2025
12963 Impressions
37 Retweets
298 Likes
115 Bookmarks
2 Replies
1 Quote
Urgent: #SUSE releases kernel security patch for SLE 15 SP7. CVE-2025-38494 & CVE-2025-38495 (CVSS: 8.5) allow local privilege escalation via HID core flaws. Read more: https://t.co/hqvX8NENfc #Security https://t.co/IMBQt98VsH
@Cezar_H_Linux
24 Aug 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New SUSE Linux kernel security update ( #SUSE-SU-2025:02943-1 ) is now available. Addresses critical vulnerabilities in the HID subsystem (CVE-2025-38494/5) with a CVSS 4.0 score of 8.5. Read more: https://t.co/FQhwDzcDiT #Security https://t.co/UubH0vZuzs
@Cezar_H_Linux
24 Aug 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases live patch for Linux Kernel on SLE 15 SP7. Patches 7 vulns incl. CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). HID, crypto, and net_sched flaws fixed. Read more: https://t.co/EntU9KIIJY #Security https://t.co/cnTMU9xEf8
@Cezar_H_Linux
24 Aug 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SECURITY UPDATE: #SUSE has released Live Patch 10 for SLE 15 SP6 to address four severe Linux kernel vulnerabilities (CVE-2025-38079, CVE-2025-38083, CVE-2025-38494, CVE-2025-38495). Read more: https://t.co/5YM9f2Q65j #Security https://t.co/uOIWxyLxDi
@Cezar_H_Linux
22 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SECURITY UPDATE for @SUSE & @openSUSE users. Live Patch 59 for SLE 15 SP3 / Leap 15.3 patches 3 kernel vulnerabilities: CVE-2025-38494 (CVSS 8.5) CVE-2025-38495 (CVSS 8.5) CVE-2025-38079 (CVSS 7.3) Read more: https://t.co/XSUmOav4
@Cezar_H_Linux
22 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: #SUSE releases Live Patch 55 for Linux Kernel (SLE 15 SP3/Leap 15.3). Patches 5 vulnerabilities, including CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Local privilege escalation risk. Read more: https://t.co/r7wd7rkJZF #Security https://t.co/ObUKP5u6uk
@Cezar_H_Linux
22 Aug 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch your #SUSE Linux systems now! New kernel update fixes 5 critical vulnerabilities (CVSS up to 8.5): CVE-2025-38494. CVE-2025-38495. CVE-2025-38079. Affects: SLE 15 SP3, Leap 15.3. Read more: https://t.co/fDkvsYuDOK #Security https://t.co/UUYWk2VlHp
@Cezar_H_Linux
22 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch #SUSE SLE 15 SP6 NOW. Live Patch 11 fixes 4 critical kernel vulnerabilities (CVE-2025-38494, CVE-2025-38495, CVE-2025-38079, CVE-2025-38083) with CVSS scores up to 8.5. Don't risk a breach. Read more: https://t.co/Inku2xAAwA #Security https://t.co/hkVOvbNo6c
@Cezar_H_Linux
22 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases critical kernel security patch for SLE 15 SP6 / openSUSE Leap 15.6. Patches 4 vulnerabilities: CVE-2025-38494 (CVSS 8.5), CVE-2025-38495 (CVSS 8.5), CVE-2025-38079, CVE-2025-38083. Read more: https://t.co/anKbMUMkxS https://t.co/F367XNvS0u
@Cezar_H_Linux
21 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE Linux Kernel Patch Alert for SLE 15 SP4 / Leap 15.4. Patch 5 CVEs now, including two CRITICAL 8.5-rated flaws (CVE-2025-38494, CVE-2025-38495) in the HID core. Read more: https://t.co/cv1fzx3R3v https://t.co/aMaQVtJQOl
@Cezar_H_Linux
20 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT #Security Update for @SUSE & @openSUSE users! New Linux kernel patches fix 4 critical vulns (CVSS up to 8.5!). CVE-2025-38494/5 (HID) and others risk privilege escalation & DoS. Read more: https://t.co/r5P937jj18 #Security https://t.co/tItD6gfeun
@Cezar_H_Linux
20 Aug 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE Linux Kernel Live Patch 54 released. Patches 5 vulnerabilities: ⚠️ CVE-2025-38494 (CVSS: 8.5) ⚠️ CVE-2025-38495 (CVSS: 8.5) Impact: Privilege escalation, system compromise. Affects: #SLE15SP3, #openSUSE Leap 15.3. Read more: https://t.co/BaLkjz2WsW
@Cezar_H_Linux
19 Aug 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: #SUSE Linux Kernel Security Update 🚨 Patch 28 vulnerabilities (CVE-2025-38494, CVE-2025-38257) in SLE Micro 5.3/5.4. CVSS scores up to 7.8. Read more: https://t.co/Uq6Ng4gLPE #Security https://t.co/srUB1R1XTw
@Cezar_H_Linux
19 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE patches 28 Linux kernel vulnerabilities (CVE-2025-38494, CVSS 8.5). Affects openSUSE Leap 15.4, SLES, Micro OS. Risks: Local privilege escalation, DoS. Read more: https://t.co/rBvYcYuHwM #Security https://t.co/VzT4VecNUs
@Cezar_H_Linux
19 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical kernel update! #SUSE's Live Patch 38 fixes: CVE-2025-38494 (8.5) - HID bypass. CVE-2025-38079 - Crypto double-free. 3 other CVEs. Read more: https://t.co/Rv9Q9w8D0J #Security https://t.co/y6ari0EIUs
@Cezar_H_Linux
18 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE kernel patch mitigates: CVE-2025-38494 (HID bypass). CVE-2025-38083 (net-sched exploit). Install: zypper in -t patch [ID]. Read more: https://t.co/aqzgsXXHrT #Security https://t.co/qhfFQDmtWd
@Cezar_H_Linux
18 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #SUSE kernel update! Patch now for: CVE-2025-38494/95 (CVSS 8.5 - USB privilege escalation). CVE-2025-38079 (RCE via crypto API). 3 other high-risk flaws. Read more: https://t.co/a6R0CxGfem #Security https://t.co/jTEVRJrTa0
@Cezar_H_Linux
18 Aug 2025
30 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 #SUSE Kernel Patch 68: Fixes 4 HIGH-risk CVEs (CVE-2025-38494/5, CVE-2025-38079/83). CVSS 8.5: HID heap overflows, root access, SLE 12 SP5 affected. ⏰ Patch IMMEDIATELY. Read more: https://t.co/8UyqXdbxk4 #Security https://t.co/is9yDCKTtw
@Cezar_H_Linux
18 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ CRITICAL #Linux Kernel Patches: #SUSE SU-2025:02827-1 for SLE 12 SP5 (Live Patch 67) fixes 4 vulns (CVE-2025-38494/5, CVE-2025-38079/83). CVSS 8.5! Local priv escalation/code exec risk. ⚠️ Read more: https://t.co/TqhCNYU3Rr #Security https://t.co/c1hSjcTcsW
@Cezar_H_Linux
18 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical kernel vulns fixed: CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Risk: Local Privilege Escalation -> Full System Takeover. Impacts: SLE Live Patching/RT/Server/SAP (SP6/SP7). Read more: https://t.co/uyupdv4xfd #Security #SUSE https://t.co/UjzSS1dXn8
@Cezar_H_Linux
18 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: #SUSE Linux Kernel RT update fixes critical CVEs: CVE-2025-38494 (8.5 CVSS) CVE-2024-36978 (7.8 CVSS) Patch command: ⬇️ zypper in -t patch SUSE-SLE-... Read more: https://t.co/ZSA15RMYcK #Security https://t.co/s
@Cezar_H_Linux
18 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: #SUSE kernel update (SU-2025:02820-1) patches: CVE-2025-38494 (HID hijacking) CVE-2025-38079 (Crypto crash) Patch IMMEDIATELY if using #Linux Real-Time. Details. Read more: https://t.co/h8HRH5pyGM #Security https://t.co/aSsax12lub
@Cezar_H_Linux
18 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38494 In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure th… https://t.co/GIiTDczfTP
@CVEnew
28 Jul 2025
221 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes