CVE-2025-37862

Updated: 2025-11-19 04:06:33.841777

Description:

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again. LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
RHEL 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-12-18 20:07:46
TuxCare 9.6 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-12-03 00:22:04 CVE-2025-37862 is limited to the Linux HID pidff (USB PID force‑feedback) driver and is only reach...
Ubuntu 16.04 ELS linux-hwe 4.15.0 5.5 MEDIUM Ignored 2026-01-16 17:18:29 This CVE is a null-pointer dereference in the HID PID force‑feedback (pidff) driver that only occu...
Ubuntu 16.04 ELS linux 4.4.0 5.5 MEDIUM Ignored 2026-01-16 17:12:59 This CVE is a null-pointer dereference in the HID PID force‑feedback (pidff) driver that only occu...
Ubuntu 18.04 ELS linux 4.15.0 5.5 MEDIUM Ignored 2026-01-16 17:13:00 This CVE is a null-pointer dereference in the HID PID force‑feedback (pidff) driver that only occu...
Ubuntu 20.04 ELS linux 5.4.0 5.5 MEDIUM Ignored 2026-01-16 17:12:59 This CVE is a null-pointer dereference in the HID PID force‑feedback (pidff) driver that only occu...
Total: 16