Memory Corruption Vulnerability in Linux Kernel's Input Handler for AppletB Keyboard
CVE-2025-38394

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38394?

A vulnerability in the Linux kernel's input handling code related to the appletb keyboard has been identified, allowing for potential memory corruption. This occurs when an input handler is registered but not correctly unregistered following a failure in the probing process. As a result, the input_handler_list may end up containing references to freed memory, leading to a use-after-free condition. This issue could cause erratic behavior and crashes when new input devices are connected, as the system attempts to traverse the corrupted list. The recommended fix includes ensuring that input handlers are properly unregistered using the input_unregister_handler() function to maintain system integrity and security.

Affected Version(s)

Linux 7d62ba8deacf94f546a0b9dd9bc86617343187a3 < 6ad40b07e15c29712d9a4b8096914ccd82e3fc17

Linux 7d62ba8deacf94f546a0b9dd9bc86617343187a3

Linux 6.15

References

https://git.kernel.org/stable/c/6ad40b07e15c29712d9a4b809...

https://git.kernel.org/stable/c/c80f2b047d5cc42fbd2dff9d1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025