CVE-2025-39808
HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
Description
In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned when usb_rcvctrlpipe() use usb_dev,it trigger page fault error for address(0xffffffffffffff58) add null check logic to ntrig_report_version() before calling hid_to_usb_dev()
INFO
Published Date :
Sept. 16, 2025, 1:15 p.m.
Last Modified :
Sept. 16, 2025, 1:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2025-39808
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Apply the null check logic to ntrig_report_version().
- Ensure hdev->dev.parent->parent is not null.
- Update the Linux kernel HID driver.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-39808.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-39808 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-39808
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-39808 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-39808 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 16, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned when usb_rcvctrlpipe() use usb_dev,it trigger page fault error for address(0xffffffffffffff58) add null check logic to ntrig_report_version() before calling hid_to_usb_dev() Added Reference https://git.kernel.org/stable/c/019c34ca11372de891c06644846eb41fca7c890c Added Reference https://git.kernel.org/stable/c/183def8e4d786e50165e5d992df6a3083e45e16c Added Reference https://git.kernel.org/stable/c/185c926283da67a72df20a63a5046b3b4631b7d9 Added Reference https://git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b54551d2487424448f1 Added Reference https://git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40bc9afe531fb08c7 Added Reference https://git.kernel.org/stable/c/6070123d5344d0950f10ef6a5fdc3f076abb7ad2 Added Reference https://git.kernel.org/stable/c/98520a9a3d69a530dd1ee280cbe0abc232a35bff Added Reference https://git.kernel.org/stable/c/e422370e6ab28478872b914cee5d49a9bdfae0c6