DEBIAN-CVE-2025-38253

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-38253

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38253.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-38253

Upstream

CVE-2025-38253

Published

2025-07-09T11:15:27.540Z

Modified

2025-11-14T03:01:19.288906Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacomaesbatteryhandler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES powersupply after extended inactivity") introduced wacomaesbatteryhandler() which is scheduled as a delayed work (aesbatterywork). In wacomremove(), aesbatterywork is not canceled. Consequently, if the device is removed while aesbatterywork is still pending, then hard crashes or "Oops: general protection fault..." are experienced when wacomaesbatteryhandler() is finally called. E.g., this happens with built-in USB devices after resume from hibernate when aesbatterywork was still pending at the time of hibernation. So, take care to cancel aesbatterywork in wacomremove().

References

https://security-tracker.debian.org/tracker/CVE-2025-38253

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}