Skip to main content

Linux CVE-2026-23382

| EUVDEUVD-2026-15376 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-25 Linux GHSA-22m9-9vqx-v8ww
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15376
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:28 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system.

Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.

AnalysisAI

This vulnerability affects multiple Linux kernel HID (Human Interface Device) drivers that lack proper validation checks when processing raw event callbacks from unclaimed HID devices. An attacker could connect a malicious or broken HID device to trigger a NULL pointer dereference in affected drivers, causing a kernel crash and denial of service. The vulnerability was identified as a gap in security hardening following a similar fix applied to the appleir driver, and patches are available across multiple stable kernel branches.

Technical ContextAI

The vulnerability exists in the Linux kernel's HID subsystem, which handles input devices such as keyboards, mice, and other peripherals. HID devices transition through claiming states when loaded by drivers, but raw event callbacks can be triggered before a device is properly claimed by its intended driver. Without proper HID_CLAIMED_INPUT guard checks in these callbacks, unclaimed devices can cause NULL pointer dereferences when their raw_event handlers attempt to access uninitialized device structures. This affects multiple in-tree HID drivers (cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) that process raw HID events without validating the device claim state, as documented in the kernel security commit referencing the original appleir fix (commit 2ff5baa9b527).

RemediationAI

Apply the latest stable kernel security updates from your distribution, which include fixes identified in commits ac83b0d91a3f4f0c012ba9c85fb99436cddb1208, 6e330889e6c8db99f04d4feb861d23de4e8fbb13, and the other referenced commits available at https://git.kernel.org/stable/. For systems unable to immediately patch, restrict physical HID device attachment through BIOS/UEFI settings, disable USB ports where not required, or use udev rules to block unknown HID devices. Organizations should prioritize kernel updates as this vulnerability is straightforward to patch and affects a critical system component. Monitor kernel release notes and security advisories from your Linux distribution for backported fixes to currently-used kernel versions.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy