CVE-2025-21948
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2025-21948: A NULL pointer dereference was identified in the Linux kernel's input_event function. Syzkaller testing found the issue, which is triggered by malformed report items sent by an emulated device. The malformed items cause hidinput_connect() to fail, so the HID_CLAIMED_INPUT flag is never set. That failure does not cause appleir_probe() to fail, however, so the event callback can still be called without an associated input device. The fix adds a check for the HID_CLAIMED_INPUT flag that exits the event hook early if no input_dev is claimed. Other HID drivers use similar checks.
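The guard described in the summary, shown as an added userspace model in C (not the kernel's code). The `model_*` names, the struct layouts, the `descriptor_ok` parameter and the flag's numeric value are assumptions made for illustration; only the flag name and the control flow follow the summary.

```c
#include <stddef.h>
#include <stdio.h>

#define HID_CLAIMED_INPUT 1u  /* kernel flag name; the value here is this model's choice */

struct model_input_dev { int events_seen; };

struct model_hid_device {
    unsigned int claimed;            /* HID_CLAIMED_INPUT set only if connect succeeded */
    struct model_input_dev *input;   /* stays NULL when no input device was claimed */
};

/* Stand-in for hidinput_connect(): fails on a malformed descriptor. */
int model_connect(struct model_hid_device *hid, struct model_input_dev *dev,
                  int descriptor_ok)
{
    if (!descriptor_ok)
        return -1;                   /* nothing claimed, hid->input left NULL */
    hid->input = dev;
    hid->claimed |= HID_CLAIMED_INPUT;
    return 0;
}

/* Stand-in for a probe that, as in the summary, does not fail when connect fails. */
int model_probe(struct model_hid_device *hid, struct model_input_dev *dev,
                int descriptor_ok)
{
    hid->claimed = 0;
    hid->input = NULL;
    (void)model_connect(hid, dev, descriptor_ok);
    return 0;                        /* device stays bound, event hook stays reachable */
}

/* Unguarded hook: dereferences hid->input, which is NULL after a failed connect. */
int model_event_unguarded(struct model_hid_device *hid)
{
    hid->input->events_seen++;
    return 1;
}

/* Guarded hook: exits early when no input device was claimed. */
int model_event_hardened(struct model_hid_device *hid)
{
    if (!(hid->claimed & HID_CLAIMED_INPUT))
        return 0;                    /* event dropped, no dereference */
    hid->input->events_seen++;
    return 1;
}

int main(void)
{
    struct model_input_dev dev = {0};
    struct model_hid_device hid;
    model_probe(&hid, &dev, 0);      /* constructed case: malformed descriptor */
    printf("forwarded=%d\n", model_event_hardened(&hid));
    return 0;
}
```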