CVE-2026-23382
MEDIUMHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system. Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.
References (8)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
3.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (33)
linux/Kernel
2.6.35 - 6.1.167linux
linux/Kernel
6.13.0 - 6.18.17linux
linux/Kernel
6.19.0 - 6.19.7linux
linux/Kernel
6.2.0 - 6.6.130linux
linux/Kernel
6.7.0 - 6.12.77linux
Linux/Linux
< 2.6.35
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 20864e3e41c74cda253a9fa6b6fe093c1461a6a9
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 575122cd6569c4c4aa13c4c9958fea506724c788
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 6e330889e6c8db99f04d4feb861d23de4e8fbb13
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 892dbaf46bb738dacf1fa663eadb3712c85868f0
... and 23 more
Published
Mar 25, 2026
Tracked Since
Mar 25, 2026