In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/1b297ab6f38ca60a4ca7298b297944ec6043b2f4 cve-icon cve-icon
https://git.kernel.org/stable/c/2b0931eee48208c25bb77486946dea8e96aa6a36 cve-icon cve-icon
https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296 cve-icon cve-icon
https://git.kernel.org/stable/c/3ce1d87d1f5d80322757aa917182deb7370963b9 cve-icon cve-icon
https://git.kernel.org/stable/c/54bae4c17c11688339eb73a04fd24203bb6e7494 cve-icon cve-icon
https://git.kernel.org/stable/c/7ac00f019698f614a49cce34c198d0568ab0e1c2 cve-icon cve-icon
https://git.kernel.org/stable/c/a2a91abd19c574b598b1c69ad76ad9c7eedaf062 cve-icon cve-icon
https://git.kernel.org/stable/c/c72536350e82b53a1be0f3bfdf1511bba2827102 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025081625-CVE-2025-38540-222a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38540 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38540 cve-icon
History

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Sun, 24 Aug 2025 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Tue, 19 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-440
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Sat, 16 Aug 2025 11:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.
Title HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-16T11:22:14.773Z

Updated: 2025-11-03T17:39:36.320Z

Reserved: 2025-04-16T04:51:24.024Z

Link: CVE-2025-38540

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-16T12:15:29.830

Modified: 2025-11-03T18:16:28.167

Link: CVE-2025-38540

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-16T00:00:00Z

Links: CVE-2025-38540 - Bugzilla