CVE-2025-39808
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null if hdev->dev.parent->parent is null, usb_dev has invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned when usb_rcvctrlpipe() use usb_dev,it trigger page fault error for address(0xffffffffffffff58)
add null check logic to ntrig_report_version() before calling hid_to_usb_dev()
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Null pointer dereference in Linux kernel's ntrig HID driver allows local denial of service via crafted uhid descriptor.
The vulnerability is a null pointer dereference in the ntrig_report_version() function of the Linux kernel's hid-ntrig driver. When the driver initializes, it attempts to obtain a USB device pointer via hid_to_usb_dev(hdev). If hdev->dev.parent->parent is NULL, the returned pointer becomes invalid (e.g., 0xffffffffffffff58), leading to a page fault when used in usb_rcvctrlpipe(). [CVE description]
An attacker can trigger this by sending a crafted descriptor to the /dev/uhid device, which causes the vulnerable code path to execute. Exploitation requires local access and the ability to interact with the uhid interface, typically requiring root privileges or membership in the appropriate group.
A successful exploit results in a kernel panic (page fault), causing a denial of service (system crash). The vulnerability has a CVSS v3 base score of 5.5 (Medium) due to the need for local access and the medium impact on availability.
The fix adds a null check before calling hid_to_usb_dev() in ntrig_report_version(). Users should apply kernel patches. The Siemens advisory [1] lists this CVE among others affecting their SIMATIC CN 4100 product, urging firmware updates.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Linux/Linuxv5Range: 2.6.37
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- git.kernel.org/stable/c/019c34ca11372de891c06644846eb41fca7c890cnvdPatch
- git.kernel.org/stable/c/183def8e4d786e50165e5d992df6a3083e45e16cnvdPatch
- git.kernel.org/stable/c/185c926283da67a72df20a63a5046b3b4631b7d9nvdPatch
- git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b54551d2487424448f1nvdPatch
- git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40bc9afe531fb08c7nvdPatch
- git.kernel.org/stable/c/6070123d5344d0950f10ef6a5fdc3f076abb7ad2nvdPatch
- git.kernel.org/stable/c/98520a9a3d69a530dd1ee280cbe0abc232a35bffnvdPatch
- git.kernel.org/stable/c/e422370e6ab28478872b914cee5d49a9bdfae0c6nvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-032379.htmlnvd
News mentions
1- Siemens SIMATICCISA ICS Advisories