← Back

CVE-2026-23382

nvd nist
Published: Mar 25, 2026Modified: Apr 24, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system. Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.

Affected (15)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 2.6.35.1 to 5.10.253
Linux Kernel
From 5.11 to 5.15.203
Linux Kernel
From 5.16 to 6.1.167
Linux Kernel
From 6.13 to 6.18.17
Linux Kernel
From 6.19 to 6.19.7
Linux Kernel
From 6.2 to 6.6.130
Linux Kernel
From 6.7 to 6.12.77
Linux Kernel
Version 2.6.35
Linux Kernel
Version 7.0 rc1
Linux Kernel
Version 7.0 rc2
Linux Kernel
Version 7.0 rc3
Linux Kernel
Version 7.0 rc4
Linux Kernel
Version 7.0 rc5
Linux Kernel
Version 7.0 rc6
Linux Kernel
Version 7.0 rc7

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.