CVE-2025-38540

HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras

Description

In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.

N/A
CVSS
Severity:
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296
https://git.kernel.org/stable/c/7ac00f019698f614a49cce34c198d0568ab0e1c2
https://git.kernel.org/stable/c/1b297ab6f38ca60a4ca7298b297944ec6043b2f4
https://git.kernel.org/stable/c/2b0931eee48208c25bb77486946dea8e96aa6a36
https://git.kernel.org/stable/c/3ce1d87d1f5d80322757aa917182deb7370963b9
https://git.kernel.org/stable/c/c72536350e82b53a1be0f3bfdf1511bba2827102
https://git.kernel.org/stable/c/a2a91abd19c574b598b1c69ad76ad9c7eedaf062
https://git.kernel.org/stable/c/54bae4c17c11688339eb73a04fd24203bb6e7494

Frequently Asked Questions

What is the severity of CVE-2025-38540?
CVE-2025-38540 has not yet been assigned a CVSS score.
How to fix CVE-2025-38540?
To fix CVE-2025-38540, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38540 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38540 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38540?
CVE-2025-38540 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.