cvelistv5 - cve-2025-39806

CVE-2025-39806 (GCVE-0-2025-39806)

Vulnerability from cvelistv5

Published

2025-09-16 13:00

Modified

2025-09-16 13:00

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it. Below is the KASAN splat after the out of bounds access happens: [ 13.671954] ================================================================== [ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110 [ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10 [ 13.673297] [ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3 [ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04 [ 13.673297] Call Trace: [ 13.673297] <TASK> [ 13.673297] dump_stack_lvl+0x5f/0x80 [ 13.673297] print_report+0xd1/0x660 [ 13.673297] kasan_report+0xe5/0x120 [ 13.673297] __asan_report_load1_noabort+0x18/0x20 [ 13.673297] mt_report_fixup+0x103/0x110 [ 13.673297] hid_open_report+0x1ef/0x810 [ 13.673297] mt_probe+0x422/0x960 [ 13.673297] hid_device_probe+0x2e2/0x6f0 [ 13.673297] really_probe+0x1c6/0x6b0 [ 13.673297] __driver_probe_device+0x24f/0x310 [ 13.673297] driver_probe_device+0x4e/0x220 [ 13.673297] __device_attach_driver+0x169/0x320 [ 13.673297] bus_for_each_drv+0x11d/0x1b0 [ 13.673297] __device_attach+0x1b8/0x3e0 [ 13.673297] device_initial_probe+0x12/0x20 [ 13.673297] bus_probe_device+0x13d/0x180 [ 13.673297] device_add+0xe3a/0x1670 [ 13.673297] hid_add_device+0x31d/0xa40 [...]

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b

Impacted products

Vendor

Product

Version

▼

Linux

Version: 7d91a0b2151a9c3b61d44c85c8eba930eddd1dd0
Version: 45ec9f17ce46417fc4eccecf388c99e81fb7fcc1
Version: 1d5c7d0a49ec9d8786f266ac6d1d7c4960e1787b
Version: c8000deb68365b461b324d68c7ea89d730f0bb85
Version: c8000deb68365b461b324d68c7ea89d730f0bb85
Version: c8000deb68365b461b324d68c7ea89d730f0bb85
Version: d189e24a42b8bd0ece3d28801d751bf66dba8e92

Linux

Version: 6.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-multitouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d",
              "status": "affected",
              "version": "7d91a0b2151a9c3b61d44c85c8eba930eddd1dd0",
              "versionType": "git"
            },
            {
              "lessThan": "7ab7311c43ae19c66c53ccd8c5052a9072a4e338",
              "status": "affected",
              "version": "45ec9f17ce46417fc4eccecf388c99e81fb7fcc1",
              "versionType": "git"
            },
            {
              "lessThan": "d4e6e2680807671e1c73cd6a986b33659ce92f2b",
              "status": "affected",
              "version": "1d5c7d0a49ec9d8786f266ac6d1d7c4960e1787b",
              "versionType": "git"
            },
            {
              "lessThan": "3055309821dd3da92888f88bad10f0324c3c89fe",
              "status": "affected",
              "version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
              "versionType": "git"
            },
            {
              "lessThan": "c13e95587583d018cfbcc277df7e02d41902ac5a",
              "status": "affected",
              "version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
              "versionType": "git"
            },
            {
              "lessThan": "0379eb8691b9c4477da0277ae0832036ca4410b4",
              "status": "affected",
              "version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d189e24a42b8bd0ece3d28801d751bf66dba8e92",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-multitouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.191",
                  "versionStartIncluding": "5.15.168",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.150",
                  "versionStartIncluding": "6.1.111",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.104",
                  "versionStartIncluding": "6.6.52",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.45",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.5",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc4",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.10.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[   13.671954] ==================================================================\n[   13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[   13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[   13.673297]\n[   13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[   13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[   13.673297] Call Trace:\n[   13.673297]  \u003cTASK\u003e\n[   13.673297]  dump_stack_lvl+0x5f/0x80\n[   13.673297]  print_report+0xd1/0x660\n[   13.673297]  kasan_report+0xe5/0x120\n[   13.673297]  __asan_report_load1_noabort+0x18/0x20\n[   13.673297]  mt_report_fixup+0x103/0x110\n[   13.673297]  hid_open_report+0x1ef/0x810\n[   13.673297]  mt_probe+0x422/0x960\n[   13.673297]  hid_device_probe+0x2e2/0x6f0\n[   13.673297]  really_probe+0x1c6/0x6b0\n[   13.673297]  __driver_probe_device+0x24f/0x310\n[   13.673297]  driver_probe_device+0x4e/0x220\n[   13.673297]  __device_attach_driver+0x169/0x320\n[   13.673297]  bus_for_each_drv+0x11d/0x1b0\n[   13.673297]  __device_attach+0x1b8/0x3e0\n[   13.673297]  device_initial_probe+0x12/0x20\n[   13.673297]  bus_probe_device+0x13d/0x180\n[   13.673297]  device_add+0xe3a/0x1670\n[   13.673297]  hid_add_device+0x31d/0xa40\n[...]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T13:00:09.524Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4"
        }
      ],
      "title": "HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39806",
    "datePublished": "2025-09-16T13:00:09.524Z",
    "dateReserved": "2025-04-16T07:20:57.136Z",
    "dateUpdated": "2025-09-16T13:00:09.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-39806\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-16T13:15:51.303\",\"lastModified\":\"2025-09-18T13:43:45.290\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\\n\\nA malicious HID device can trigger a slab out-of-bounds during\\nmt_report_fixup() by passing in report descriptor smaller than\\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\\nof the descriptor with 0x25 by first checking if byte offset\\n607 is 0x15 however it lacks bounds checks to verify if the\\ndescriptor is big enough before conducting this check. Fix\\nthis bug by ensuring the descriptor size is at least 608\\nbytes before accessing it.\\n\\nBelow is the KASAN splat after the out of bounds access happens:\\n\\n[   13.671954] ==================================================================\\n[   13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\\n[   13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\\n[   13.673297]\\n[   13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\\n[   13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\\n[   13.673297] Call Trace:\\n[   13.673297]  \u003cTASK\u003e\\n[   13.673297]  dump_stack_lvl+0x5f/0x80\\n[   13.673297]  print_report+0xd1/0x660\\n[   13.673297]  kasan_report+0xe5/0x120\\n[   13.673297]  __asan_report_load1_noabort+0x18/0x20\\n[   13.673297]  mt_report_fixup+0x103/0x110\\n[   13.673297]  hid_open_report+0x1ef/0x810\\n[   13.673297]  mt_probe+0x422/0x960\\n[   13.673297]  hid_device_probe+0x2e2/0x6f0\\n[   13.673297]  really_probe+0x1c6/0x6b0\\n[   13.673297]  __driver_probe_device+0x24f/0x310\\n[   13.673297]  driver_probe_device+0x4e/0x220\\n[   13.673297]  __device_attach_driver+0x169/0x320\\n[   13.673297]  bus_for_each_drv+0x11d/0x1b0\\n[   13.673297]  __device_attach+0x1b8/0x3e0\\n[   13.673297]  device_initial_probe+0x12/0x20\\n[   13.673297]  bus_probe_device+0x13d/0x180\\n[   13.673297]  device_add+0xe3a/0x1670\\n[   13.673297]  hid_add_device+0x31d/0xa40\\n[...]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

fkie_cve-2025-39806

Vulnerability from fkie_nvd

Published

2025-09-16 13:15

Modified

2025-09-18 13:43

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[   13.671954] ==================================================================\n[   13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[   13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[   13.673297]\n[   13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[   13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[   13.673297] Call Trace:\n[   13.673297]  \u003cTASK\u003e\n[   13.673297]  dump_stack_lvl+0x5f/0x80\n[   13.673297]  print_report+0xd1/0x660\n[   13.673297]  kasan_report+0xe5/0x120\n[   13.673297]  __asan_report_load1_noabort+0x18/0x20\n[   13.673297]  mt_report_fixup+0x103/0x110\n[   13.673297]  hid_open_report+0x1ef/0x810\n[   13.673297]  mt_probe+0x422/0x960\n[   13.673297]  hid_device_probe+0x2e2/0x6f0\n[   13.673297]  really_probe+0x1c6/0x6b0\n[   13.673297]  __driver_probe_device+0x24f/0x310\n[   13.673297]  driver_probe_device+0x4e/0x220\n[   13.673297]  __device_attach_driver+0x169/0x320\n[   13.673297]  bus_for_each_drv+0x11d/0x1b0\n[   13.673297]  __device_attach+0x1b8/0x3e0\n[   13.673297]  device_initial_probe+0x12/0x20\n[   13.673297]  bus_probe_device+0x13d/0x180\n[   13.673297]  device_add+0xe3a/0x1670\n[   13.673297]  hid_add_device+0x31d/0xa40\n[...]"
    }
  ],
  "id": "CVE-2025-39806",
  "lastModified": "2025-09-18T13:43:45.290",
  "metrics": {},
  "published": "2025-09-16T13:15:51.303",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

wid-sec-w-2025-2077

Vulnerability from csaf_certbund

Published

2025-09-16 22:00

Modified

2025-09-22 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2077 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2077.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2077 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2077"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50339",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091636-CVE-2022-50339-bc17@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50340",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091638-CVE-2022-50340-693e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50341",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091638-CVE-2022-50341-12c1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50342",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50342-d7ef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50343",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50343-75e3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50344",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50344-8893@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50345",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50345-a1ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50346",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50346-49b1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50347",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50347-33c3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50348",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50348-534c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50349",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50349-cc37@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50350",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50350-31bb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50351",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50351-ac59@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50352",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2022-50352-8531@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53304",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53304-9a57@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53305",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53305-b8fe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53306",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53306-b665@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53307",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53307-129b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53308",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53308-51a1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53309",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53309-005a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53310",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53310-8d40@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53311",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53311-bff3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53312",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53312-a16b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53313",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091642-CVE-2023-53313-0f1c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53314",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53314-b727@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53315",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53315-2711@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53316",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53316-fb3d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53317",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53317-c945@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53318",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53318-633b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53319",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53319-4fd2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53320",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53320-d419@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53321",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53321-0003@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53322",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53322-45ba@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53323",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53323-6a1b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53324",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53324-631a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53325",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53325-a6b9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53326",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53326-7ff5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53327",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53327-55c1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53328",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53328-07a7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53329",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53329-d1d9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53330",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53330-8d89@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53331",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53331-50a3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53332",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091646-CVE-2023-53332-9a4d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53333",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091646-CVE-2023-53333-f2b8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53334",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091646-CVE-2023-53334-bd19@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39805",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091610-CVE-2025-39805-2871@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39806",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091613-CVE-2025-39806-f74d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39807",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091613-CVE-2025-39807-4c3b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39808",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091613-CVE-2025-39808-a964@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39809",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39809-396d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39810",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39810-ed5c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39811",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39811-535b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39812",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39812-8a89@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39813",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39813-295c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39814",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39814-1765@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39815",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39815-a663@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39816",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39816-f21d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39817",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39818",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39818-f1b9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39819",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39819-d3c9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39820",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39820-50d7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39821",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39821-3812@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39822",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39822-454e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39823",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39823-f9bf@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39824",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39824-6491@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39825",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39825-8a7a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39826",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39826-e096@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39827",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091617-CVE-2025-39827-0c7c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39828",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091617-CVE-2025-39828-c69f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39829",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091617-CVE-2025-39829-2ef1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39830",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39830-5341@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39831",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39831-1112@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39832",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39832-6bbc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39833",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39833-c2ef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39834",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39834-4d8f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39835",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091658-CVE-2025-39835-6f82@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39836",
        "url": "https://lore.kernel.org/linux-cve-announce/2025091658-CVE-2025-39836-49ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6008 vom 2025-09-23",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00172.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6009 vom 2025-09-23",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-22T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-23T04:57:09.940+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2077",
      "initial_release_date": "2025-09-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T028463",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:unspecified"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50339",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50339"
    },
    {
      "cve": "CVE-2022-50340",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50340"
    },
    {
      "cve": "CVE-2022-50341",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50341"
    },
    {
      "cve": "CVE-2022-50342",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50342"
    },
    {
      "cve": "CVE-2022-50343",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50343"
    },
    {
      "cve": "CVE-2022-50344",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50344"
    },
    {
      "cve": "CVE-2022-50345",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50345"
    },
    {
      "cve": "CVE-2022-50346",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50346"
    },
    {
      "cve": "CVE-2022-50347",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50347"
    },
    {
      "cve": "CVE-2022-50348",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50348"
    },
    {
      "cve": "CVE-2022-50349",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50349"
    },
    {
      "cve": "CVE-2022-50350",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50350"
    },
    {
      "cve": "CVE-2022-50351",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50351"
    },
    {
      "cve": "CVE-2022-50352",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2022-50352"
    },
    {
      "cve": "CVE-2023-53304",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53304"
    },
    {
      "cve": "CVE-2023-53305",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53305"
    },
    {
      "cve": "CVE-2023-53306",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53306"
    },
    {
      "cve": "CVE-2023-53307",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53307"
    },
    {
      "cve": "CVE-2023-53308",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53308"
    },
    {
      "cve": "CVE-2023-53309",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53309"
    },
    {
      "cve": "CVE-2023-53310",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53310"
    },
    {
      "cve": "CVE-2023-53311",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53311"
    },
    {
      "cve": "CVE-2023-53312",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53312"
    },
    {
      "cve": "CVE-2023-53313",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53313"
    },
    {
      "cve": "CVE-2023-53314",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53314"
    },
    {
      "cve": "CVE-2023-53315",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53315"
    },
    {
      "cve": "CVE-2023-53316",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53316"
    },
    {
      "cve": "CVE-2023-53317",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53317"
    },
    {
      "cve": "CVE-2023-53318",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53318"
    },
    {
      "cve": "CVE-2023-53319",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53319"
    },
    {
      "cve": "CVE-2023-53320",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53320"
    },
    {
      "cve": "CVE-2023-53321",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53321"
    },
    {
      "cve": "CVE-2023-53322",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53322"
    },
    {
      "cve": "CVE-2023-53323",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53323"
    },
    {
      "cve": "CVE-2023-53324",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53324"
    },
    {
      "cve": "CVE-2023-53325",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53325"
    },
    {
      "cve": "CVE-2023-53326",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53326"
    },
    {
      "cve": "CVE-2023-53327",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53327"
    },
    {
      "cve": "CVE-2023-53328",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53328"
    },
    {
      "cve": "CVE-2023-53329",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53329"
    },
    {
      "cve": "CVE-2023-53330",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53330"
    },
    {
      "cve": "CVE-2023-53331",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53331"
    },
    {
      "cve": "CVE-2023-53332",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53332"
    },
    {
      "cve": "CVE-2023-53333",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53333"
    },
    {
      "cve": "CVE-2023-53334",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-53334"
    },
    {
      "cve": "CVE-2025-39805",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39805"
    },
    {
      "cve": "CVE-2025-39806",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39806"
    },
    {
      "cve": "CVE-2025-39807",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39807"
    },
    {
      "cve": "CVE-2025-39808",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39808"
    },
    {
      "cve": "CVE-2025-39809",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39809"
    },
    {
      "cve": "CVE-2025-39810",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39810"
    },
    {
      "cve": "CVE-2025-39811",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39811"
    },
    {
      "cve": "CVE-2025-39812",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39812"
    },
    {
      "cve": "CVE-2025-39813",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39813"
    },
    {
      "cve": "CVE-2025-39814",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39814"
    },
    {
      "cve": "CVE-2025-39815",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39815"
    },
    {
      "cve": "CVE-2025-39816",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39816"
    },
    {
      "cve": "CVE-2025-39817",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39817"
    },
    {
      "cve": "CVE-2025-39818",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39818"
    },
    {
      "cve": "CVE-2025-39819",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39819"
    },
    {
      "cve": "CVE-2025-39820",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39820"
    },
    {
      "cve": "CVE-2025-39821",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39821"
    },
    {
      "cve": "CVE-2025-39822",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39822"
    },
    {
      "cve": "CVE-2025-39823",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39823"
    },
    {
      "cve": "CVE-2025-39824",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39824"
    },
    {
      "cve": "CVE-2025-39825",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39825"
    },
    {
      "cve": "CVE-2025-39826",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39826"
    },
    {
      "cve": "CVE-2025-39827",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39827"
    },
    {
      "cve": "CVE-2025-39828",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39828"
    },
    {
      "cve": "CVE-2025-39829",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39829"
    },
    {
      "cve": "CVE-2025-39830",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39830"
    },
    {
      "cve": "CVE-2025-39831",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39831"
    },
    {
      "cve": "CVE-2025-39832",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39832"
    },
    {
      "cve": "CVE-2025-39833",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39833"
    },
    {
      "cve": "CVE-2025-39834",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39834"
    },
    {
      "cve": "CVE-2025-39835",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39835"
    },
    {
      "cve": "CVE-2025-39836",
      "product_status": {
        "known_affected": [
          "T028463",
          "2951"
        ]
      },
      "release_date": "2025-09-16T22:00:00.000+00:00",
      "title": "CVE-2025-39836"
    }
  ]
}

ghsa-r5jq-cwp5-xxhf

Vulnerability from github

Published

2025-09-16 15:32

Modified

2025-09-16 15:32

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it.

Below is the KASAN splat after the out of bounds access happens:

[ 13.671954] ================================================================== [ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110 [ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10 [ 13.673297] [ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3 [ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04 [ 13.673297] Call Trace: [ 13.673297] [ 13.673297] dump_stack_lvl+0x5f/0x80 [ 13.673297] print_report+0xd1/0x660 [ 13.673297] kasan_report+0xe5/0x120 [ 13.673297] __asan_report_load1_noabort+0x18/0x20 [ 13.673297] mt_report_fixup+0x103/0x110 [ 13.673297] hid_open_report+0x1ef/0x810 [ 13.673297] mt_probe+0x422/0x960 [ 13.673297] hid_device_probe+0x2e2/0x6f0 [ 13.673297] really_probe+0x1c6/0x6b0 [ 13.673297] __driver_probe_device+0x24f/0x310 [ 13.673297] driver_probe_device+0x4e/0x220 [ 13.673297] __device_attach_driver+0x169/0x320 [ 13.673297] bus_for_each_drv+0x11d/0x1b0 [ 13.673297] __device_attach+0x1b8/0x3e0 [ 13.673297] device_initial_probe+0x12/0x20 [ 13.673297] bus_probe_device+0x13d/0x180 [ 13.673297] device_add+0xe3a/0x1670 [ 13.673297] hid_add_device+0x31d/0xa40 [...]

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39806"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T13:15:51Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[   13.671954] ==================================================================\n[   13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[   13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[   13.673297]\n[   13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[   13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[   13.673297] Call Trace:\n[   13.673297]  \u003cTASK\u003e\n[   13.673297]  dump_stack_lvl+0x5f/0x80\n[   13.673297]  print_report+0xd1/0x660\n[   13.673297]  kasan_report+0xe5/0x120\n[   13.673297]  __asan_report_load1_noabort+0x18/0x20\n[   13.673297]  mt_report_fixup+0x103/0x110\n[   13.673297]  hid_open_report+0x1ef/0x810\n[   13.673297]  mt_probe+0x422/0x960\n[   13.673297]  hid_device_probe+0x2e2/0x6f0\n[   13.673297]  really_probe+0x1c6/0x6b0\n[   13.673297]  __driver_probe_device+0x24f/0x310\n[   13.673297]  driver_probe_device+0x4e/0x220\n[   13.673297]  __device_attach_driver+0x169/0x320\n[   13.673297]  bus_for_each_drv+0x11d/0x1b0\n[   13.673297]  __device_attach+0x1b8/0x3e0\n[   13.673297]  device_initial_probe+0x12/0x20\n[   13.673297]  bus_probe_device+0x13d/0x180\n[   13.673297]  device_add+0xe3a/0x1670\n[   13.673297]  hid_add_device+0x31d/0xa40\n[...]",
  "id": "GHSA-r5jq-cwp5-xxhf",
  "modified": "2025-09-16T15:32:35Z",
  "published": "2025-09-16T15:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39806"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-39806 (GCVE-0-2025-39806)

Vulnerability from cvelistv5

fkie_cve-2025-39806

Vulnerability from fkie_nvd

wid-sec-w-2025-2077

Vulnerability from csaf_certbund

ghsa-r5jq-cwp5-xxhf

Vulnerability from github

Tags

Sightings

Nomenclature