suse · CVE-2025-37862

Quick triage

Priority: medium Published: 2025-05-09 23:12:51 UTC Updated: 2026-03-05 01:06:13 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-37862 severity moderate: SUSE including 422 source package names (15.7.20.5.1:kernel-default-6.4.0-150700.53.6.1, 2.1.3-7.43:kernel-rt-6.4.0-33.1, …), 742 product×package rows across 139 product lines (Container suse/hpc/warewulf4-x86_64/sle-hpc-node, Container suse/sl-micro/6.0/rt-os-container, … (139 product lines)): Fixed 511, Known Affected 231.

Description:

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again. LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com

cvelogic Threat Intelligence