CVE-2025-38540: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38540 affects the Linux kernel and involves a vulnerability in the HID sensor interface of Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C). The issue was discovered and reported on August 16, 2025, when these cameras were found to report a non-functional HID sensor interface that could cause system hangs (NVD).

The vulnerability occurs when attempting to access a non-functional sensor via iio_info, which causes system hangs as runtime PM tries to wake up an unresponsive sensor. The issue specifically affects cameras with USB IDs 04F2:B824 and 04F2:B82C that report a HID sensor interface that is not actually implemented. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.4 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause system hangs due to runtime Power Management (PM) attempting to wake up an unresponsive sensor. This affects system availability and stability when attempting to access the non-functional sensor interface (NVD).

The vulnerability has been resolved by adding the affected devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace. This fix has been implemented in various Linux kernel versions, and multiple vendors have released patches to address this issue (Broadcom Support).