Acknowledged
Created: Jul 3, 2025
Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()

Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor.

Update all references to member element desc[0] to rpt_desc.

Add test to verify bLength and bNumDescriptors values are valid.

Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault.

Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors.
CREATE(Triage):(User=lchen-cn) CVE-2025-38103 (https://nvd.nist.gov/vuln/detail/CVE-2025-38103)
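
The validation outlined in the description above, as an added user-space C example; it is not the kernel's code and not part of this record. The helper name `hid_report_len`, the exact rejection rules (bLength must equal 6 + 3 × bNumDescriptors, and the mandatory entry must be a non-empty report descriptor) and the sample byte strings are assumptions made here; the field layout follows USB HID 1.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HID_DT_HID    0x21 /* HID descriptor type, USB HID 1.11 */
#define HID_DT_REPORT 0x22 /* report descriptor type, USB HID 1.11 */
#define HID_HDR_LEN   6    /* bLength through bNumDescriptors */
#define HID_CLASS_LEN 3    /* bDescriptorType + wDescriptorLength */

/* Hypothetical helper (not a kernel function): returns the report descriptor
 * length, or -1 if the HID descriptor is malformed. On success *optional is
 * the number of optional class descriptors that were skipped. */
int hid_report_len(const uint8_t *buf, size_t len, unsigned *optional)
{
    if (len < HID_HDR_LEN + HID_CLASS_LEN)
        return -1;                      /* shorter than the mandatory part */
    uint8_t blen = buf[0], num = buf[5];
    if (buf[1] != HID_DT_HID || num < 1)
        return -1;                      /* wrong type or no class descriptor */
    if (blen != HID_HDR_LEN + HID_CLASS_LEN * num || blen > len)
        return -1;                      /* bLength disagrees with count/buffer */
    if (buf[6] != HID_DT_REPORT)
        return -1;                      /* mandatory entry must be the report */
    int rlen = buf[7] | (buf[8] << 8);  /* wDescriptorLength, little-endian */
    if (rlen == 0)
        return -1;
    *optional = num - 1u;
    return rlen;
}

/* Constructed sample descriptors (not captured from a device). */
static const uint8_t ok_one[]   = {9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3f, 0};
static const uint8_t ok_two[]   = {12, 0x21, 0x11, 0x01, 0, 2, 0x22, 0x3f, 0,
                                   0x23, 0x10, 0};
static const uint8_t bad_zero[] = {9, 0x21, 0x11, 0x01, 0, 0, 0x22, 0x3f, 0};
static const uint8_t bad_many[] = {9, 0x21, 0x11, 0x01, 0, 4, 0x22, 0x3f, 0};

int main(void)
{
    unsigned opt = 0;
    printf("ok_one   -> %d\n", hid_report_len(ok_one, sizeof ok_one, &opt));
    printf("ok_two   -> %d", hid_report_len(ok_two, sizeof ok_two, &opt));
    printf(" (%u optional ignored)\n", opt);
    printf("bad_zero -> %d\n", hid_report_len(bad_zero, sizeof bad_zero, &opt));
    printf("bad_many -> %d\n", hid_report_len(bad_many, sizeof bad_many, &opt));
    return 0;
}
```

`bad_many` is the case the description's loop removal addresses: a device-reported count of 4 inside a 9-byte descriptor is rejected up front, and the report descriptor is only ever read from its fixed offset.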