CVE-2025-38253
- Source
- https://cve.org/CVERecord?id=CVE-2025-38253
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38253.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38253
- Downstream
- Related
- Published
- 2025-07-09T10:42:32.059Z
- Modified
- 2026-03-20T12:42:46.033971Z
- Summary
- HID: wacom: fix crash in wacom_aes_battery_handler()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix crash in wacomaesbattery_handler()
Commit fd2a9b29dc9c ("HID: wacom: Remove AES powersupply after extended inactivity") introduced wacomaesbatteryhandler() which is scheduled as a delayed work (aesbatterywork).
In wacomremove(), aesbatterywork is not canceled. Consequently, if the device is removed while aesbatterywork is still pending, then hard crashes or "Oops: general protection fault..." are experienced when wacomaesbatteryhandler() is finally called. E.g., this happens with built-in USB devices after resume from hibernate when aesbatterywork was still pending at the time of hibernation.
So, take care to cancel aesbatterywork in wacom_remove().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38253.json" }- References
-
- https://git.kernel.org/stable/c/57a3d82200dbeccd002244b96acad570eeeb731f
- https://git.kernel.org/stable/c/a4f182ffa30c52ad1c8e12edfb8049ee748c0f1b
- https://git.kernel.org/stable/c/f3054152c12e2eed1e72704aff47b0ea58229584
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38253.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38253
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git