{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23382", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.007Z", "datePublished": "2026-03-25T10:28:01.040Z", "dateUpdated": "2026-03-25T16:49:16.018Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T16:49:16.018Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them\n\nIn commit 2ff5baa9b527 (\"HID: appleir: Fix potential NULL dereference at\nraw event handle\"), we handle the fact that raw event callbacks\ncan happen even for a HID device that has not been \"claimed\" causing a\ncrash if a broken device were attempted to be connected to the system.\n\nFix up the remaining in-tree HID drivers that forgot to add this same\ncheck to resolve the same issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-cmedia.c", "drivers/hid/hid-creative-sb0540.c", "drivers/hid/hid-zydacron.c"], "versions": [{"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "ac83b0d91a3f4f0c012ba9c85fb99436cddb1208", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "6e330889e6c8db99f04d4feb861d23de4e8fbb13", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "892dbaf46bb738dacf1fa663eadb3712c85868f0", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "20864e3e41c74cda253a9fa6b6fe093c1461a6a9", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "575122cd6569c4c4aa13c4c9958fea506724c788", "status": "affected", "versionType": "git"}, {"version": "d0742abaa1c396a26bb3d3ce2732988cd3faa020", "lessThan": "ecfa6f34492c493a9a1dc2900f3edeb01c79946b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-cmedia.c", "drivers/hid/hid-creative-sb0540.c", "drivers/hid/hid-zydacron.c"], "versions": [{"version": "2.6.35", "status": "affected"}, {"version": "0", "lessThan": "2.6.35", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.35", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208"}, {"url": "https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13"}, {"url": "https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0"}, {"url": "https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9"}, {"url": "https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788"}, {"url": "https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b"}], "title": "HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them\n\nIn commit 2ff5baa9b527 (\"HID: appleir: Fix potential NULL dereference at\nraw event handle\"), we handle the fact that raw event callbacks\ncan happen even for a HID device that has not been \"claimed\" causing a\ncrash if a broken device were attempted to be connected to the system.\n\nFix up the remaining in-tree HID drivers that forgot to add this same\ncheck to resolve the same issue."}], "id": "CVE-2026-23382", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:38.330", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them", "id": "2451252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451252"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-414", "details": ["A flaw was found in the Linux kernel's Human Interface Device (HID) drivers. This vulnerability occurs when raw event callbacks are processed for an unclaimed HID device, due to missing input validation checks. A local attacker, by connecting a specially crafted HID device, could trigger a NULL dereference. This leads to a system crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23382", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23382\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23382\nhttps://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23382-26fe@gregkh/T"], "statement": "This flaw affects multiple HID drivers that failed to add HID_CLAIMED_INPUT guards after the appleir fix. Raw event callbacks can occur for unclaimed devices, causing NULL dereferences. Physical access to connect a malicious USB HID device is required. This is a class of bugs across multiple HID drivers.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:37:27.267965+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes the patch commit 2ff5baa9b527 or a later release.", "Verify the presence of HID_CLAIMED_INPUT guard in relevant HID drivers.", "Check distribution security advisories for kernel patches and apply as soon as available.", "Monitor kernel logs for potential crashes."], "summary": {"action": "Update Kernel", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that do not include the patch commit 2ff5baa9b527 or a later merge contain this flaw. The issue is present in the appleir driver and other in\u2011tree HID drivers that omitted the HID_CLAIMED_INPUT guard. Distributions shipping kernels prior to this patch are vulnerable regardless of vendor.", "description_and_impact": "The vulnerability arises because several Linux kernel HID drivers fail to verify that a HID device has been claimed before handling raw event callbacks. If a malformed or broken HID device is connected, the driver dereferences a NULL pointer, leading to a kernel crash. This results in a denial of service that could require a system reboot.", "risk_and_exploitability": "The CVSS score is not disclosed, and the EPSS score is unavailable. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that an attacker must provide a malicious HID device that triggers a raw event. Successful exploitation causes a kernel crash, leading to a denial of service. The attack appears to be local or physical in nature and does not provide remote code execution."}}}}, "created": "2026-03-25T21:31:33.940447+00:00", "updated": "2026-03-25T21:31:33.940503+00:00", "vendors": [], "weaknesses": ["CWE-476"]}