Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system. Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.35.1, < 5.10.253 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9Patch
- https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788Patch
- https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13Patch
- https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0Patch
- https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208Patch
- https://git.kernel.org/stable/c/b48284d7f0f76023b215a3409cdc989b5081eadfPatch
- https://git.kernel.org/stable/c/de316c1edf15bc30ff5e0d4c7b37c70fd41cf319Patch
- https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946bPatch
FAQ
What is CVE-2026-23382?
CVE-2026-23382 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL de...
How severe is CVE-2026-23382?
CVE-2026-23382 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23382?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.