PT-2025-30794 · Pixart+2 · Pixart Hp Usb Optical Mouse+2

Published: 2025-06-27 · Updated: 2025-07-25 · CVE-2025-38394

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.16.0-rc2-00321-g2aa6621d

Description

A use-after-free (UAF) vulnerability exists in the Linux kernel's HID (Human Interface Device) subsystem, specifically within the appletb-kbd driver. The issue occurs when an input handler is initialized and registered with the input core, but the probe then fails after registration, before the handler is unregistered. This leaves a dangling pointer to freed memory in the input handler list. Subsequent input device registrations can then trigger memory corruption when traversing this list and calling input_attach_handler(). The vulnerability was triggered by plugging in a PixArt HP USB optical mouse after a probe failure.

Recommendations

Update to Linux kernel version 6.16.0-rc2-00321-g2aa6621d or a later version to address this issue.
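
The failure mode in the description, as an added userspace model in C. It is not the kernel's or the driver's code, and every name in it (handler_list, probe_then_fail, stale_handlers_seen_on_attach) is hypothetical. It assumes the corrective pattern is an error path that unregisters the handler before its memory is released, and it marks memory as released instead of freeing it, so the stale entry can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; all names are hypothetical, not kernel identifiers. */
struct handler { struct handler *next; bool released; };

static struct handler *handler_list;  /* stands in for the input core's handler list */
static struct handler pool[2];        /* static storage, flagged instead of free()d */

static void register_handler(struct handler *h)
{
    h->next = handler_list;
    handler_list = h;
}

static void unregister_handler(struct handler *h)
{
    for (struct handler **pp = &handler_list; *pp; pp = &(*pp)->next)
        if (*pp == h) { *pp = h->next; return; }
}

/* Probe that fails after the handler is registered. unwind=false models the
 * flaw described above; unwind=true models an error path that unregisters. */
static int probe_then_fail(struct handler *h, bool unwind)
{
    h->released = false;
    register_handler(h);
    /* a later probe step fails here (constructed failure) */
    if (unwind)
        unregister_handler(h);
    h->released = true;  /* driver state is released when probe fails */
    return -1;
}

/* Models a later device registration walking every registered handler.
 * Returns how many entries point at memory that was already released. */
static size_t stale_handlers_seen_on_attach(void)
{
    size_t n = 0;
    for (struct handler *h = handler_list; h; h = h->next)
        if (h->released)
            n++;
    return n;
}

int main(void)
{
    probe_then_fail(&pool[0], false);
    size_t buggy = stale_handlers_seen_on_attach();
    handler_list = NULL;
    probe_then_fail(&pool[1], true);
    return (buggy == 1 && stale_handlers_seen_on_attach() == 0) ? 0 : 1;
}
```

In the kernel the stale entry is real freed memory, so the list walk during the next device registration reads and writes through it.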

Exploit

Fix

Memory Corruption

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-11636
CVE-2025-38394

Affected Products

Astra Linux
Linux Kernel
Pixart Hp Usb Optical Mouse