CVE-2025-38556

UNKNOWN 0.0

HID: core: Harden s32ton() against conversion to 0 bits

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Aug 19, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

dde5845a529ff753364a6d1aea61180946270bfa < 6cdf6c708717c5c6897d0800a1793e83757c7491 dde5845a529ff753364a6d1aea61180946270bfa < eeeaba737919bdce9885e2a00ac2912f61a3684d dde5845a529ff753364a6d1aea61180946270bfa < 3c86548a20d7bc2861aa4de044991a327bebad1a dde5845a529ff753364a6d1aea61180946270bfa < 810189546cb6c8f36443ed091d91f1f5d2fc2ec7 dde5845a529ff753364a6d1aea61180946270bfa < d3b504146c111548ab60b6ef7aad00bfb1db05a2 dde5845a529ff753364a6d1aea61180946270bfa < 8b4a94b1510f6a46ec48494b52ee8f67eb4fc836 dde5845a529ff753364a6d1aea61180946270bfa < 865ad8469fa24de1559f247d9426ab01e5ce3a56 dde5845a529ff753364a6d1aea61180946270bfa < a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd

Linux / Linux

2.6.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗