PT-2025-25791 · Linux+4 · Linux Kernel+4
Published: 2025-05-12 · Updated: 2026-02-05
CVE-2025-38016
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A bug in the Linux kernel's HID bpf implementation can cause a cleaned-up SRCU to be accessed after a device has been destroyed, leading to a potential issue. This occurs when a device under the driver has LEDs and the hid_ll_driver->request() function is unimplemented. The bug can be triggered when the hidinput_led_worker() function is scheduled after hid_bpf_destroy_device() and attempts to access the destroyed device. The impact of the bug on other architectures is unclear, but it may cause corruption of memory addresses calculated by SRCU.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu