Use-After-Free Vulnerability in Linux Kernel Affecting HID Appletb Keyboard Driver
CVE-2025-38378
What is CVE-2025-38378?
A use-after-free vulnerability has been identified in the HID appletb keyboard driver in the Linux kernel, specifically in the appletb_kbd_probe function. If a failure occurs after the timer that manages keyboard inactivity has been armed, the structure allocated for keyboard data is freed while that timer is still pending. The timer remains active and continues to reference the released memory block, so stale memory may be accessed, posing a risk to system stability and security. The remedy is to ensure the timer is disarmed in the failure cases, notably by calling timer_delete_sync before the memory is freed.
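The error-path ordering described above, as an added user-space model in C that is not the driver's or the kernel's code. All model_* names, the static slot and the stale-access counter are constructed for illustration, and model_timer_delete_sync only stands in for the kernel's timer_delete_sync.

```c
/* User-space model constructed for illustration; not kernel or driver code. */
#include <stdbool.h>
#include <stdio.h>

struct model_timer { bool pending; struct model_kbd *owner; };
struct model_kbd { bool allocated; struct model_timer inactivity_timer; };
static struct model_kbd slot;  /* static storage standing in for the probe-time allocation */
static int stale_accesses;     /* callbacks that ran against a released object */

/* Timer callback: touches its owner, as an inactivity handler would. */
static void inactivity_cb(struct model_timer *t)
{
    if (!t->owner->allocated) stale_accesses++;  /* in the kernel: the use-after-free */
}

/* Hypothetical stand-in for timer_delete_sync(): the callback cannot run afterwards. */
static void model_timer_delete_sync(struct model_timer *t) { t->pending = false; }

/* Hypothetical stand-in for the timer core running an expired timer. */
static void model_run_timers(struct model_timer *t) { if (t->pending) { t->pending = false; inactivity_cb(t); } }

/* Probe that arms the timer and then hits a later failure. */
static int model_probe(bool late_step_fails, bool disarm_on_error)
{
    slot.allocated = true;
    slot.inactivity_timer.owner = &slot;
    slot.inactivity_timer.pending = true;             /* timer armed */
    if (!late_step_fails)
        return 0;
    if (disarm_on_error)                              /* corrected error path */
        model_timer_delete_sync(&slot.inactivity_timer);
    slot.allocated = false;                           /* models the release on probe failure */
    return -1;
}

/* Stale accesses observed once the timeout elapses after a failed probe. */
static int stale_after_failed_probe(bool disarm_on_error)
{
    stale_accesses = 0;
    (void)model_probe(true, disarm_on_error);
    model_run_timers(&slot.inactivity_timer);
    return stale_accesses;
}

int main(void)
{
    int unfixed = stale_after_failed_probe(false), fixed = stale_after_failed_probe(true);
    printf("stale accesses: unfixed error path %d, fixed error path %d\n", unfixed, fixed);
    return 0;
}
```

The object lives in static storage so the model can count the stale access safely; in the kernel the same access lands in memory that has already been returned to the allocator.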
Affected Version(s)
Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 51720dee3a61ebace36c3dcdd0b4a488e0970f29
Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 38224c472a038fa9ccd4085511dd9f3d6119dbf9
Linux 6.15