AI description
CVE-2025-38494 is a vulnerability in the HID (Human Interface Devices) core of the Linux kernel. The `hid_hw_raw_request()` function, which validates the buffer and length of raw requests, was being bypassed: the low-level transport driver function was called directly, so those checks were skipped, potentially allowing invalid parameters to be used.
- Description
- In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request. hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid param to be used.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel, debian_linux
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
Bam: USB HID info-leak exploit for CVE-2025-38494/CVE-2025-38495 Exploit ( https://t.co/YIpHkcD7Ky) by Andrey Konovalov ( https://t.co/XzbmO1Tfp0 ) for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB. The bug is still not
@kaisarrmeoydw
18 Jan 2026
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38494/CVE-2025-38495 effects on first poweron <10sec
@HI_Ricky
9 Nov 2025
1438 Impressions
1 Retweet
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-53770 2 - CVE-2025-9132 3 - CVE-2025-38494 4 - CVE-2020-14883 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). https://t.co/4IvvqcVs4Q https://t.co/BDzfspHViO
@andreyknvl
11 Sept 2025
12963 Impressions
37 Retweets
298 Likes
115 Bookmarks
2 Replies
1 Quote
Urgent: #SUSE releases kernel security patch for SLE 15 SP7. CVE-2025-38494 & CVE-2025-38495 (CVSS: 8.5) allow local privilege escalation via HID core flaws. Read more: https://t.co/hqvX8NENfc #Security https://t.co/IMBQt98VsH
@Cezar_H_Linux
24 Aug 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New SUSE Linux kernel security update ( #SUSE-SU-2025:02943-1 ) is now available. Addresses critical vulnerabilities in the HID subsystem (CVE-2025-38494/5) with a CVSS 4.0 score of 8.5. Read more: https://t.co/FQhwDzcDiT #Security https://t.co/UubH0vZuzs
@Cezar_H_Linux
24 Aug 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases live patch for Linux Kernel on SLE 15 SP7. Patches 7 vulns incl. CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). HID, crypto, and net_sched flaws fixed. Read more: https://t.co/EntU9KIIJY #Security https://t.co/cnTMU9xEf8
@Cezar_H_Linux
24 Aug 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SECURITY UPDATE: #SUSE has released Live Patch 10 for SLE 15 SP6 to address four severe Linux kernel vulnerabilities (CVE-2025-38079, CVE-2025-38083, CVE-2025-38494, CVE-2025-38495). Read more: https://t.co/5YM9f2Q65j #Security https://t.co/uOIWxyLxDi
@Cezar_H_Linux
22 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SECURITY UPDATE for @SUSE & @openSUSE users. Live Patch 59 for SLE 15 SP3 / Leap 15.3 patches 3 kernel vulnerabilities: CVE-2025-38494 (CVSS 8.5) CVE-2025-38495 (CVSS 8.5) CVE-2025-38079 (CVSS 7.3) Read more: https://t.co/XSUmOav4
@Cezar_H_Linux
22 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: #SUSE releases Live Patch 55 for Linux Kernel (SLE 15 SP3/Leap 15.3). Patches 5 vulnerabilities, including CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Local privilege escalation risk. Read more: https://t.co/r7wd7rkJZF #Security https://t.co/ObUKP5u6uk
@Cezar_H_Linux
22 Aug 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch your #SUSE Linux systems now! New kernel update fixes 5 critical vulnerabilities (CVSS up to 8.5): CVE-2025-38494. CVE-2025-38495. CVE-2025-38079. Affects: SLE 15 SP3, Leap 15.3. Read more: https://t.co/fDkvsYuDOK #Security https://t.co/UUYWk2VlHp
@Cezar_H_Linux
22 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch #SUSE SLE 15 SP6 NOW. Live Patch 11 fixes 4 critical kernel vulnerabilities (CVE-2025-38494, CVE-2025-38495, CVE-2025-38079, CVE-2025-38083) with CVSS scores up to 8.5. Don't risk a breach. Read more: https://t.co/Inku2xAAwA #Security https://t.co/hkVOvbNo6c
@Cezar_H_Linux
22 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases critical kernel security patch for SLE 15 SP6 / openSUSE Leap 15.6. Patches 4 vulnerabilities: CVE-2025-38494 (CVSS 8.5) CVE-2025-38495 (CVSS 8.5) CVE-2025-38079 CVE-2025-38083 Read more: https://t.co/anKbMUMkxS https://t.co/F367XNvS0u
@Cezar_H_Linux
21 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE Linux Kernel Patch Alert for SLE 15 SP4 / Leap 15.4. Patch 5 CVEs now, including two CRITICAL 8.5-rated flaws (CVE-2025-38494, CVE-2025-38495) in the HID core. Read more: https://t.co/cv1fzx3R3v https://t.co/aMaQVtJQOl
@Cezar_H_Linux
20 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT #Security Update for @SUSE & @openSUSE users! New Linux kernel patches fix 4 critical vulns (CVSS up to 8.5!). CVE-2025-38494/5 (HID) and others risk privilege escalation & DoS. Read more: https://t.co/r5P937jj18 #Security https://t.co/tItD6gfeun
@Cezar_H_Linux
20 Aug 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE Linux Kernel Live Patch 54 released. Patches 5 vulnerabilities: ⚠️ CVE-2025-38494 (CVSS: 8.5) ⚠️ CVE-2025-38495 (CVSS: 8.5) Impact: Privilege escalation, system compromise. Affects: #SLE15SP3, #openSUSE Leap 15.3. Read more: https://t.co/BaLkjz2WsW
@Cezar_H_Linux
19 Aug 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: #SUSE Linux Kernel Security Update 🚨 Patch 28 vulnerabilities (CVE-2025-38494, CVE-2025-38257) in SLE Micro 5.3/5.4. CVSS scores up to 7.8. Read more: https://t.co/Uq6Ng4gLPE #Security https://t.co/srUB1R1XTw
@Cezar_H_Linux
19 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: #SUSE patches 28 Linux kernel vulnerabilities (CVE-2025-38494, CVSS 8.5). Affects openSUSE Leap 15.4, SLES, Micro OS. Risks: Local privilege escalation, DoS. Read more: https://t.co/rBvYcYuHwM #Security https://t.co/VzT4VecNUs
@Cezar_H_Linux
19 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical kernel update! #SUSE's Live Patch 38 fixes: CVE-2025-38494 (8.5) - HID bypass. CVE-2025-38079 - Crypto double-free. 3 other CVEs. Read more: https://t.co/Rv9Q9w8D0J #Security https://t.co/y6ari0EIUs
@Cezar_H_Linux
18 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE kernel patch mitigates: CVE-2025-38494 (HID bypass). CVE-2025-38083 (net-sched exploit). Install: zypper in -t patch [ID]. Read more: https://t.co/aqzgsXXHrT #Security https://t.co/qhfFQDmtWd
@Cezar_H_Linux
18 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #SUSE kernel update! Patch now for: CVE-2025-38494/95 (CVSS 8.5 - USB privilege escalation). CVE-2025-38079 (RCE via crypto API). 3 other high-risk flaws. Read more: https://t.co/a6R0CxGfem #Security https://t.co/jTEVRJrTa0
@Cezar_H_Linux
18 Aug 2025
30 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 #SUSE Kernel Patch 68: Fixes 4 HIGH-risk CVEs (CVE-2025-38494/5, CVE-2025-38079/83). CVSS 8.5: HID heap overflows → root access. SLE 12 SP5 affected. ⏰ Patch IMMEDIATELY. Read more: https://t.co/8UyqXdbxk4 #Security https://t.co/is9yDCKTtw
@Cezar_H_Linux
18 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ CRITICAL #Linux Kernel Patches: #SUSE SU-2025:02827-1 for SLE 12 SP5 (Live Patch 67) fixes 4 vulns (CVE-2025-38494/5, CVE-2025-38079/83). CVSS 8.5! Local priv escalation/code exec risk. ⚠️ Read more: https://t.co/TqhCNYU3Rr #Security https://t.co/c1hSjcTcsW
@Cezar_H_Linux
18 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical kernel vulns fixed: CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Risk: Local Privilege Escalation -> Full System Takeover. Impacts: SLE Live Patching/RT/Server/SAP (SP6/SP7). Read more: https://t.co/uyupdv4xfd #Security #SUSE https://t.co/UjzSS1dXn8
@Cezar_H_Linux
18 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: #SUSE Linux Kernel RT update fixes critical CVEs: CVE-2025-38494 (8.5 CVSS) CVE-2024-36978 (7.8 CVSS) Patch command: ⬇️ zypper in -t patch SUSE-SLE-... Read more: https://t.co/ZSA15RMYcK #Security https://t.co/s
@Cezar_H_Linux
18 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: #SUSE kernel update (SU-2025:02820-1) patches: CVE-2025-38494 (HID hijacking) CVE-2025-38079 (Crypto crash) Patch IMMEDIATELY if using #Linux Real-Time. Details. Read more: https://t.co/h8HRH5pyGM #Security https://t.co/aSsax12lub
@Cezar_H_Linux
18 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38494 In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure th… https://t.co/GIiTDczfTP
@CVEnew
28 Jul 2025
221 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D7384E1-E9E8-41E0-AF24-1571E21AC42F",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "3.15"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0D21C35-EB8A-488A-BBF9-403E4817E5DD",
"versionEndExcluding": "5.10.241",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD9E597F-3DDE-4D7E-976C-463D0611F13F",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4FD62FC-0DAE-4ACE-8C9C-66156518C3E1",
"versionEndExcluding": "6.1.147",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "094B81E0-B756-4727-85CA-F3F8D1C9D116",
"versionEndExcluding": "6.6.100",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0099D5A4-B157-4D36-8858-982C7D579030",
"versionEndExcluding": "6.12.40",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7AFE5B0-F3B1-4D30-B8BF-EDA0385C4746",
"versionEndExcluding": "6.15.8",
"versionStartIncluding": "6.13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0517869-312D-4429-80C2-561086E1421C"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85421F4E-C863-4ABF-B4B4-E887CC2F7F92"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3827F0D4-5FEE-4181-B267-5A45E7CA11FC"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]