CVE-2025-39837
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-12-12
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.16 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's asus-wmi driver on x86 platforms. The function asus_wmi_register_driver() can be called concurrently by multiple drivers, leading to race conditions during list operations. This race condition can corrupt memory and cause system crashes (Oops) on some ASUS machines. Additionally, error handling was incomplete, missing unregistration of certain ACPI device operations in error cases. The fix involves adding a mutex to serialize driver registration and unregistration, and improving error handling to properly unregister resources.
How can this vulnerability impact me?
This vulnerability can cause memory corruption and system crashes (kernel Oops) on affected ASUS machines running the vulnerable Linux kernel. This can lead to system instability, unexpected reboots, or denial of service, potentially disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for the race condition in asus_wmi_register_driver(), which introduces a mutex and proper error handling as described. This prevents the memory corruption and system crashes on affected ASUS machines.
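A first-pass triage of a host against the affected range in the table above, as an added example that is not part of the original page or the kernel project. The function names are hypothetical, the module is assumed to appear as `asus_wmi` under `/sys/module`, and because distribution kernels may carry backported fixes, a version match should be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2025-39837, built from the affected
# range in the table above (6.16 inclusive to 6.16.6 exclusive).

# classify_kernel RELEASE: prints affected | review | outside | unknown
classify_kernel() {
    base=${1%%[-+]*}                 # strip suffixes such as -rc3, -generic
    case $base in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    # Reject anything that is not a dotted run of digits.
    case "$major.$minor.$patch" in
        *[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;
    esac
    if [ "$major" -ne 6 ]; then echo outside
    elif [ "$minor" -eq 17 ] && [ "$patch" -eq 0 ]; then
        echo review                  # table lists 6.17 rows without detail
    elif [ "$minor" -eq 16 ] && [ "$patch" -lt 6 ]; then
        # Pre-release builds are not covered by the table: flag for review.
        case $1 in *-rc*) echo review ;; *) echo affected ;; esac
    else echo outside
    fi
}

# asus_wmi_loaded [SYSFS_ROOT]: true when the asus_wmi module directory
# exists (assumption: a built-in driver may not be listed there).
asus_wmi_loaded() {
    [ -d "${1:-/sys}/module/asus_wmi" ]
}

# report [RELEASE]: one-line summary, defaulting to the running kernel.
report() {
    rel=${1:-$(uname -r)}
    verdict=$(classify_kernel "$rel")
    if asus_wmi_loaded; then drv=loaded; else drv="not loaded"; fi
    printf 'kernel %s: %s; asus_wmi %s\n' "$rel" "$verdict" "$drv"
}

report
```

A host that reports `affected` with `asus_wmi loaded` is the combination to prioritise for the kernel update.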