Description
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again. LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com
References (11)
Core 11
Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (30)
debian/debian_linux
11.0
linux/Kernel
2.6.19 - 5.4.293linux
linux/Kernel
5.11.0 - 5.15.181linux
linux/Kernel
5.16.0 - 6.1.135linux
linux/Kernel
5.5.0 - 5.10.237linux
linux/Kernel
6.13.0 - 6.13.12linux
linux/Kernel
6.14.0 - 6.14.3linux
linux/Kernel
6.2.0 - 6.6.88linux
linux/Kernel
6.7.0 - 6.12.24linux
Linux/Linux
< 2.6.19
... and 20 more
Published
May 09, 2025
Tracked Since
Feb 18, 2026