CVE-2025-38253
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's Wacom driver where a delayed work task called aes_battery_work is not properly canceled when the device is removed. If the device is removed while this task is still pending, it can lead to hard crashes or general protection faults when the handler function wacom_aes_battery_handler() is eventually called.
How can this vulnerability impact me? :
The vulnerability can cause system instability by triggering hard crashes or general protection faults in the Linux kernel when a Wacom device is removed while a delayed work task is still pending. This can disrupt normal system operation, potentially leading to data loss or requiring a system reboot.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that cancels aes_battery_work in wacom_remove(). This prevents crashes caused by pending delayed work when the device is removed. Updating to the patched kernel version that contains commit fd2a9b29dc9c or later is recommended.