CVE-2025-39837
- Source
- https://cve.org/CVERecord?id=CVE-2025-39837
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39837.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39837
- Downstream
- Published
- 2025-09-19T15:26:12.152Z
- Modified
- 2026-03-20T12:43:04.240325Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- platform/x86: asus-wmi: Fix racy registrations
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: asus-wmi: Fix racy registrations
asuswmiregister_driver() may be called from multiple drivers concurrently, which can lead to the racy list operations, eventually corrupting the memory and hitting Oops on some ASUS machines. Also, the error handling is missing, and it forgot to unregister ACPI lps0 dev ops in the error case.
This patch covers those issues by introducing a simple mutex at acpiwmiregisterdriver() & *unregisterdriver, and adding the proper call of asuss2idlecheckunregister() in the error path.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39837.json" }- References
-
- https://git.kernel.org/stable/c/5549202b9c02c2ecbc8634768a3da8d9e82d548d
- https://git.kernel.org/stable/c/e7a70326fb26b905cfc8fe2366113aa4394733ef
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39837.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39837
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git