CVE-2025-38507
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: avoid bluetooth suspend/resume stalls

Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook which had been added for usb joycons.

First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a newly-added nintendo_hid_suspend. This makes sure we will not stall out the kernel waiting for input reports during led classdev suspend. The stalls could happen if connectivity is unreliable or lost to the controller prior to suspend.

Second, since we lose connectivity during suspend, do not try joycon_init() for bluetooth controllers in the nintendo_hid_resume path.

Tested via multiple suspend/resume flows when using the controller both in USB and bluetooth modes.

Meta Information

Published: 2025-08-16
Last Modified: 2025-11-19
Generated: 2026-05-27
AI Q&A: 2025-08-16
EPSS Evaluated: 2026-05-25

Affected Vendors & Products
Showing 5 associated CPEs

Vendor   Product        Version / Range
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   6.16
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)

CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of Nintendo Bluetooth-connected controllers. Specifically, the kernel could stall or panic during suspend/resume operations when using these controllers due to the resume hook added for USB Joycons. The issue arises because the kernel waits for input reports during LED class device suspend, which can cause stalls if the Bluetooth connectivity is unreliable or lost. The fix involves setting a new suspended state to avoid waiting for input reports and preventing reinitialization of Bluetooth controllers during resume, thus avoiding kernel stalls or panics.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to stall or panic during suspend or resume operations when using Bluetooth-connected Nintendo controllers. This can lead to system instability or unresponsiveness, especially on devices like Android phones running kernel 6.6, potentially disrupting normal device usage and requiring a reboot or other recovery actions.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the HID nintendo Bluetooth suspend/resume issue (such as kernel 6.6 or later). This update ensures that the kernel will not stall or panic when using Bluetooth-connected Nintendo controllers by properly handling suspend and resume states. Avoid using affected kernel versions that do not include this fix.

