Concurrency Issue in ASUS WMI Driver within Linux Kernel
CVE-2025-39837

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39837?

A concurrency vulnerability exists in the ASUS WMI driver within the Linux kernel, caused by the simultaneous execution of asus_wmi_register_driver() from multiple drivers. This leads to race conditions during the registration process, which can result in memory corruption and system instability. The issue is compounded by inadequate error handling, particularly the failure to unregister ACPI lps0 device operations during error scenarios. A recent patch has addressed these vulnerabilities by implementing necessary mutexes at the registration points and refining the error handling procedures to ensure system robustness.

Affected Version(s)

Linux feea7bd6b02d43a794e3f065650d89cf8d8e8e59

Linux feea7bd6b02d43a794e3f065650d89cf8d8e8e59 < 5549202b9c02c2ecbc8634768a3da8d9e82d548d

Linux 6.16

References

https://git.kernel.org/stable/c/e7a70326fb26b905cfc8fe236...

https://git.kernel.org/stable/c/5549202b9c02c2ecbc8634768...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025