{"id":"AZL-73464","summary":"CVE-2025-38495 affecting package kernel for versions less than 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.","modified":"2026-04-01T05:22:38.292146Z","published":"2025-07-28T12:15:31Z","upstream":["CVE-2025-38495"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38495"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73464.json"}}],"schema_version":"1.7.5"}