CVE-2026-23382 PUBLISHED

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

Assigner: Linux
Reserved: 13.01.2026 Published: 25.03.2026 Updated: 25.03.2026

In the Linux kernel, the following vulnerability has been resolved:

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID device that has not been "claimed" causing a crash if a broken device were attempted to be connected to the system.

Fix up the remaining in-tree HID drivers that forgot to add this same check to resolve the same issue.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ac83b0d91a3f4f0c012ba9c85fb99436cddb1208 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 6e330889e6c8db99f04d4feb861d23de4e8fbb13 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 892dbaf46bb738dacf1fa663eadb3712c85868f0 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 20864e3e41c74cda253a9fa6b6fe093c1461a6a9 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 575122cd6569c4c4aa13c4c9958fea506724c788 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ecfa6f34492c493a9a1dc2900f3edeb01c79946b (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.77 to 6.12.* (incl.)
  • unaffected from 6.18.17 to 6.18.* (incl.)
  • unaffected from 6.19.7 to 6.19.* (incl.)
  • unaffected from 7.0-rc3 to * (incl.)

References