CVE-2025-38556
HID: core: Harden s32ton() against conversion to 0 bits
Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.
INFO
Published Date :
Aug. 19, 2025, 5:15 p.m.
Last Modified :
Dec. 6, 2025, 10:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update the Linux kernel to a patched version.
- Apply the specific patch for HID core s32ton() hardening.
- Test the system for stability after the update.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-38556.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-38556 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-38556
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-38556 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-38556 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 06, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/3c86548a20d7bc2861aa4de044991a327bebad1a Added Reference https://git.kernel.org/stable/c/810189546cb6c8f36443ed091d91f1f5d2fc2ec7 -
Initial Analysis by [email protected]
Nov. 18, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Added CWE CWE-125 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.16 up to (excluding) 6.16.1 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.20 up to (excluding) 6.12.46 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.15.10 Added Reference Type kernel.org: https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 09, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Aug. 19, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Added Reference https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56 Added Reference https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836 Added Reference https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd