CVE-2025-38103 Affecting python3-perf package, versions *


Severity

Recommended
0.0
medium
0
10

Based on CentOS security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS8-PYTHON3PERF-10592138
  • published3 Jul 2025
  • disclosed3 Jul 2025

Introduced: 3 Jul 2025

NewCVE-2025-38103  (opens in a new tab)

How to fix?

There is no fixed version for Centos:8 python3-perf.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-perf package and not the python3-perf package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()

Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor.

Update all references to member element desc[0] to rpt_desc.

Add test to verify bLength and bNumDescriptors values are valid.

Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault.

Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors.

CVSS Base Scores

version 3.1