CVE-2025-39808

MEDIUM EPSS 5.6%
Published Sep 16, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 16, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned when usb_rcvctrlpipe() use usb_dev,it trigger page fault error for address(0xffffffffffffff58) add null check logic to ntrig_report_version() before calling hid_to_usb_dev()

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥2.6.37  –  <5.4.298
linuxlinux_kernel*≥5.5  –  <5.10.242
linuxlinux_kernel*≥5.11  –  <5.15.191
linuxlinux_kernel*≥5.16  –  <6.1.150
linuxlinux_kernel*≥6.2  –  <6.6.104
linuxlinux_kernel*≥6.7  –  <6.12.45
linuxlinux_kernel*≥6.13  –  <6.16.5
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/019c34ca11372de891c06644846eb41fca7c890c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/183def8e4d786e50165e5d992df6a3083e45e16c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/185c926283da67a72df20a63a5046b3b4631b7d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b54551d2487424448f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40bc9afe531fb08c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6070123d5344d0950f10ef6a5fdc3f076abb7ad2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98520a9a3d69a530dd1ee280cbe0abc232a35bff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e422370e6ab28478872b914cee5d49a9bdfae0c6
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/019c34ca11372de891c06644846eb41fca7c890c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/183def8e4d786e50165e5d992df6a3083e45e16c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/185c926283da67a72df20a63a5046b3b4631b7d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b54551d2487424448f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40bc9afe531fb08c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6070123d5344d0950f10ef6a5fdc3f076abb7ad2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98520a9a3d69a530dd1ee280cbe0abc232a35bff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e422370e6ab28478872b914cee5d49a9bdfae0c6
    Patch