{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23382", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.007Z", "datePublished": "2026-03-25T10:28:01.040Z", "dateUpdated": "2026-05-11T22:05:47.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:47.852Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them\n\nIn commit 2ff5baa9b527 (\"HID: appleir: Fix potential NULL dereference at\nraw event handle\"), we handle the fact that raw event callbacks\ncan happen even for a HID device that has not been \"claimed\" causing a\ncrash if a broken device were attempted to be connected to the system.\n\nFix up the remaining in-tree HID drivers that forgot to add this same\ncheck to resolve the same issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-cmedia.c", "drivers/hid/hid-creative-sb0540.c", "drivers/hid/hid-zydacron.c"], "versions": [{"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "b48284d7f0f76023b215a3409cdc989b5081eadf", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "de316c1edf15bc30ff5e0d4c7b37c70fd41cf319", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "ac83b0d91a3f4f0c012ba9c85fb99436cddb1208", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "6e330889e6c8db99f04d4feb861d23de4e8fbb13", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "892dbaf46bb738dacf1fa663eadb3712c85868f0", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "20864e3e41c74cda253a9fa6b6fe093c1461a6a9", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "575122cd6569c4c4aa13c4c9958fea506724c788", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "ecfa6f34492c493a9a1dc2900f3edeb01c79946b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-cmedia.c", "drivers/hid/hid-creative-sb0540.c", "drivers/hid/hid-zydacron.c"], "versions": [{"version": "2.6.35", "status": "affected"}, {"version": "0", "lessThan": "2.6.35", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b48284d7f0f76023b215a3409cdc989b5081eadf"}, {"url": "https://git.kernel.org/stable/c/de316c1edf15bc30ff5e0d4c7b37c70fd41cf319"}, {"url": "https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208"}, {"url": "https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13"}, {"url": "https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0"}, {"url": "https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9"}, {"url": "https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788"}, {"url": "https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b"}], "title": "HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F856BA-48C4-481F-9C23-2B10D5847433", "versionEndExcluding": "5.10.253", "versionStartIncluding": "2.6.35.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.35:-:*:*:*:*:*:*", "matchCriteriaId": "11B11B98-42CE-41C8-A40E-FAA230FD2A76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them\n\nIn commit 2ff5baa9b527 (\"HID: appleir: Fix potential NULL dereference at\nraw event handle\"), we handle the fact that raw event callbacks\ncan happen even for a HID device that has not been \"claimed\" causing a\ncrash if a broken device were attempted to be connected to the system.\n\nFix up the remaining in-tree HID drivers that forgot to add this same\ncheck to resolve the same issue."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nHID: A\u00f1adir protecciones HID_CLAIMED_INPUT en las retrollamadas de raw_event que las omiten\n\nEn el commit 2ff5baa9b527 ('HID: appleir: Corregir posible desreferencia NULL en el manejo de eventos raw'), abordamos el hecho de que las retrollamadas de eventos raw pueden ocurrir incluso para un dispositivo HID que no ha sido 'reclamado', causando un fallo si se intentara conectar un dispositivo defectuoso al sistema.\n\nCorregir los controladores HID restantes en el \u00e1rbol que olvidaron a\u00f1adir esta misma comprobaci\u00f3n para resolver el mismo problema."}], "id": "CVE-2026-23382", "lastModified": "2026-04-24T18:42:01.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:38.330", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b48284d7f0f76023b215a3409cdc989b5081eadf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de316c1edf15bc30ff5e0d4c7b37c70fd41cf319"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them", "id": "2451252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451252"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-414", "details": ["A flaw was found in the Linux kernel's Human Interface Device (HID) drivers. This vulnerability occurs when raw event callbacks are processed for an unclaimed HID device, due to missing input validation checks. A local attacker, by connecting a specially crafted HID device, could trigger a NULL dereference. This leads to a system crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23382", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23382\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23382\nhttps://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23382-26fe@gregkh/T"], "statement": "This flaw affects multiple HID drivers that failed to add HID_CLAIMED_INPUT guards after the appleir fix. Raw event callbacks can occur for unclaimed devices, causing NULL dereferences. Physical access to connect a malicious USB HID device is required. This is a class of bugs across multiple HID drivers.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ac83b0d91a3f4f0c012ba9c85fb99436cddb1208)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6e330889e6c8db99f04d4feb861d23de4e8fbb13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,892dbaf46bb738dacf1fa663eadb3712c85868f0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,20864e3e41c74cda253a9fa6b6fe093c1461a6a9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,575122cd6569c4c4aa13c4c9958fea506724c788)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ecfa6f34492c493a9a1dc2900f3edeb01c79946b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T16:59:09.636097+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes commit 2ff5baa9b527, which adds the missing HID_CLAIMED_INPUT guard to raw event callbacks.", "If an upgrade is not immediately possible, patch the vulnerable HID drivers in the kernel source by applying the same null dereference guard or the official patch from the mainline kernel tree.", "Restrict the ability of untrusted users or devices to attach HID devices by disabling the HID subsystem, applying udev rules, or removing the device from the system configuration."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that have not incorporated commit 2ff5baa9b527 are affected. The issue was present in drivers such as appleir and other in\u2011tree HID drivers, so any distribution using a kernel older than the supplied fix may be vulnerable.", "description_and_impact": "The Linux kernel contains a flaw where raw input callbacks for HID devices can dereference a NULL pointer if a device has not been claimed. The missing guard causes the kernel to panic, providing a denial\u2011of\u2011service condition. This is a classic null dereference issue classified as CWE\u2011414 and CWE\u2011476.", "risk_and_exploitability": "The CVSS score of 5.5 reflects a moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that an attacker would need to present a malformed or unclaimed HID device to the system, potentially through local or remote attachment of such a device, to trigger the crash."}}}}, "created": "2026-03-25T21:31:33.940447+00:00", "updated": "2026-04-28T17:00:13.471331+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}