Linux Kernel HID Vulnerability in Wacom Devices by Vendor
CVE-2025-38253

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
9 July 2025

What is CVE-2025-38253?

In the Linux kernel, a flaw exists within the handling of Wacom devices, specifically linked to the scheduled operation of the aes_battery_work function. When a device is removed, the pending work is not canceled, leading to severe crashes, or 'Oops: general protection fault', when the handler is invoked later. This scenario predominantly arises for built-in USB devices after resuming from hibernation while aes_battery_work remains pending. The proper management of this function during device removal is critical to prevent crashes and maintain system integrity.

Affected Version(s)

Linux fd2a9b29dc9c4c35def91d5d1c5b470843539de6

Linux fd2a9b29dc9c4c35def91d5d1c5b470843539de6 < 57a3d82200dbeccd002244b96acad570eeeb731f

Linux fd2a9b29dc9c4c35def91d5d1c5b470843539de6

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38253 : Linux Kernel HID Vulnerability in Wacom Devices by Vendor