Use-After-Free Vulnerability in ASUS HID Devices from Linux Kernel
CVE-2025-39824

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2025-39824?

A use-after-free vulnerability exists in the handling of ASUS HID devices by the Linux kernel. The flaw allows a malicious HID device, such as a specially crafted ASUS ROG N-Key keyboard, to exploit the system. The vulnerability arises when the hid_hw_start() function inappropriately processes the device descriptors, potentially bypassing capability bitmap configurations. This leads to improper handling of memory, allowing the attacker to manipulate the freed memory, which can result in data corruption or arbitrary code execution. These factors highlight the critical need for robust validation and error handling when HID devices are connected.

Affected Version(s)

Linux 9ce12d8be12c94334634dd57050444910415e45f < 9a9e4a8317437bf944fa017c66e1e23a0368b5c7

Linux 9ce12d8be12c94334634dd57050444910415e45f < 7170122e2ae4ab378c9cdf7cc54dea8b0abbbca5

Linux 9ce12d8be12c94334634dd57050444910415e45f

Timeline

  • Vulnerability published

  • Vulnerability Reserved
