- Description
- In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel, debian_linux
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
Bam: USB HID info-leak exploit for CVE-2025-38494/CVE-2025-38495 Exploit ( https://t.co/YIpHkcD7Ky) by Andrey Konovalov ( https://t.co/XzbmO1Tfp0 ) for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB. The bug is still not
@kaisarrmeoydw
18 Jan 2026
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38494/CVE-2025-38495 effects on first poweron <10sec
@HI_Ricky
9 Nov 2025
1438 Impressions
1 Retweet
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Urgent: #SUSE releases kernel security patch for SLE 15 SP7. CVE-2025-38494 & CVE-2025-38495 (CVSS: 8.5) allow local privilege escalation via HID core flaws. Read more: π https://t.co/hqvX8NENfc #Security https://t.co/IMBQt98VsH
@Cezar_H_Linux
24 Aug 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases live patch for Linux Kernel on SLE 15 SP7. Patches 7 vulns incl. CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). HID, crypto, and net_sched flaws fixed. Read more: π https://t.co/EntU9KIIJY #Security https://t.co/cnTMU9xEf8
@Cezar_H_Linux
24 Aug 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
π CRITICAL SECURITY UPDATE: #SUSE has released Live Patch 10 for SLE 15 SP6 to address four severe Linux kernel vulnerabilities (CVE-2025-38079, CVE-2025-38083, CVE-2025-38494, CVE-2025-38495). Read more:π https://t.co/5YM9f2Q65j #Security https://t.co/uOIWxyLxDi
@Cezar_H_Linux
22 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π CRITICAL SECURITY UPDATE for @SUSE & @openSUSE users. Live Patch 59 for SLE 15 SP3 / Leap 15.3 patches 3 kernel vulnerabilities: CVE-2025-38494 (CVSS 8.5) CVE-2025-38495 (CVSS 8.5) CVE-2025-38079 (CVSS 7.3) Read more:π https://t.co/XSUmOav4
@Cezar_H_Linux
22 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π¨ CRITICAL: #SUSE releases Live Patch 55 for Linux Kernel (SLE 15 SP3/Leap 15.3). Patches 5 vulnerabilities, including CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Local privilege escalation risk. Read more: π https://t.co/r7wd7rkJZF #Security https://t.co/ObUKP5u6uk
@Cezar_H_Linux
22 Aug 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch your #SUSE Linux systems now! New kernel update fixes 5 critical vulnerabilities (CVSS up to 8.5): β CVE-2025-38494. β CVE-2025-38495. β CVE-2025-38079. Affects: SLE 15 SP3, Leap 15.3. Read more:π https://t.co/fDkvsYuDOK #Security https://t.co/UUYWk2VlHp
@Cezar_H_Linux
22 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch #SUSE SLE 15 SP6 NOW. Live Patch 11 fixes 4 critical kernel vulnerabilities (CVE-2025-38494, CVE-2025-38495, CVE-2025-38079, CVE-2025-38083) with CVSS scores up to 8.5. Don't risk a breach. Read more:π https://t.co/Inku2xAAwA #Security https://t.co/hkVOvbNo6c
@Cezar_H_Linux
22 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #SUSE releases critical kernel security patch for SLE 15 SP6 / openSUSE Leap 15.6. Patches 4 vulnerabilities: β CVE-2025-38494 (CVSS 8.5) β CVE-2025-38495 (CVSS 8.5) β CVE-2025-38079 β CVE-2025-38083 Read more: π https://t.co/anKbMUMkxS https://t.co/F367XNvS0u
@Cezar_H_Linux
21 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π¨ URGENT: #SUSE Linux Kernel Patch Alert for SLE 15 SP4 / Leap 15.4. Patch 5 CVEs now, including two CRITICAL 8.5-rated flaws (CVE-2025-38494, CVE-2025-38495) in the HID core. Read more:π https://t.co/cv1fzx3R3v https://t.co/aMaQVtJQOl
@Cezar_H_Linux
20 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π¨ URGENT: #SUSE Linux Kernel Live Patch 54 released. Patches 5 vulnerabilities: β οΈ CVE-2025-38494 (CVSS: 8.5) β οΈ CVE-2025-38495 (CVSS: 8.5) Impact: Privilege escalation, system compromise. Affects: #SLE15SP3, #openSUSE Leap 15.3. Read more:π https://t.co/BaLkjz2WsW
@Cezar_H_Linux
19 Aug 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical kernel vulns fixed: CVE-2025-38494 & CVE-2025-38495 (CVSS 8.5). Risk: Local Privilege Escalation -> Full System Takeover. Impacts: SLE Live Patching/RT/Server/SAP (SP6/SP7). Read more: π https://t.co/uyupdv4xfd #Security #SUSE https://t.co/UjzSS1dXn8
@Cezar_H_Linux
18 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38495 In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report⦠https://t.co/tZ6ZdpHUrl
@CVEnew
28 Jul 2025
213 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7384E1-E9E8-41E0-AF24-1571E21AC42F",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D21C35-EB8A-488A-BBF9-403E4817E5DD",
"versionEndExcluding": "5.10.241",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9E597F-3DDE-4D7E-976C-463D0611F13F",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD62FC-0DAE-4ACE-8C9C-66156518C3E1",
"versionEndExcluding": "6.1.147",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094B81E0-B756-4727-85CA-F3F8D1C9D116",
"versionEndExcluding": "6.6.100",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0099D5A4-B157-4D36-8858-982C7D579030",
"versionEndExcluding": "6.12.40",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7AFE5B0-F3B1-4D30-B8BF-EDA0385C4746",
"versionEndExcluding": "6.15.8",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*",
"matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A0517869-312D-4429-80C2-561086E1421C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*",
"matchCriteriaId": "85421F4E-C863-4ABF-B4B4-E887CC2F7F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*",
"matchCriteriaId": "3827F0D4-5FEE-4181-B267-5A45E7CA11FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]