PT-2025-37963 · Linux+4 · Linux Kernel+4

Published: 2025-08-03 · Updated: 2026-03-17 · CVE-2025-39818

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.16.0+ #3

Description

The Linux kernel contained a flaw in the intel-thc-hid module related to incorrect pointer arithmetic when saving I2C registers. This improper use of a secondary pointer led to a kernel crash and an out-of-bounds write error, specifically a KASAN (Kernel Address Sanitizer) slab-out-of-bounds error during a regmap bulk read operation. The issue stemmed from using an incorrect pointer, causing access to memory outside the allocated region. The vulnerability was addressed by replacing the pointer arithmetic with direct array indexing to ensure safe memory access.

Recommendations

Update to Linux kernel version 6.16.0+ #3 or later to resolve this issue.
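
The bug class from the description, as an added userspace example (not the kernel's code): it compares the destination addresses produced by arithmetic on the address of a pointer member with those produced by indexing the array it points to. The struct, field names and register count are hypothetical, and no out-of-bounds store is performed; addresses are only computed and checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NREGS 16 /* constructed register count, not the driver's value */

/* Hypothetical stand-in for a device context; not the kernel's struct. */
struct dev_ctx {
    uint32_t *saved_regs;                          /* heap buffer of NREGS words */
    uint8_t other_state[NREGS * sizeof(uint32_t)]; /* neighbouring fields */
};

/* Buggy form: offsets the address of the pointer member itself. */
static uintptr_t slot_buggy(const struct dev_ctx *d, size_t i)
{
    return (uintptr_t)&d->saved_regs + i * sizeof(uint32_t);
}

/* Fixed form: indexes the array that the member points to. */
static uintptr_t slot_fixed(const struct dev_ctx *d, size_t i)
{
    return (uintptr_t)&d->saved_regs[i];
}

/* Returns 1 if a 4-byte store at addr stays inside the register buffer. */
static int in_buffer(const struct dev_ctx *d, uintptr_t addr)
{
    uintptr_t base = (uintptr_t)d->saved_regs;
    return addr >= base && addr + sizeof(uint32_t) <= base + NREGS * sizeof(uint32_t);
}

/* Counts register slots whose destination falls outside the buffer. */
size_t count_oob(int use_fixed)
{
    struct dev_ctx *d = calloc(1, sizeof(*d));
    size_t bad = 0;
    if (!d || !(d->saved_regs = calloc(NREGS, sizeof(uint32_t))))
        abort();
    for (size_t i = 0; i < NREGS; i++)
        bad += !in_buffer(d, use_fixed ? slot_fixed(d, i) : slot_buggy(d, i));
    free(d->saved_regs);
    free(d);
    return bad;
}

int main(void)
{
    printf("pointer arithmetic: %zu/%d slots out of bounds\n", count_oob(0), NREGS);
    printf("array indexing:     %zu/%d slots out of bounds\n", count_oob(1), NREGS);
    return 0;
}
```

With the buggy form every destination lies in the context structure rather than in the register buffer, so the first stores would overwrite the buffer pointer itself and the rest would overwrite adjacent fields.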

Exploit

Fix

Out of bounds Read

Improper Validation of Array Index

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2026:4012
ALSA-2026:4759
BDU:2026-03306
CVE-2025-39818
RHSA-2026:4012
RHSA-2026:4759
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7934-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Ubuntu
Intel-Thc-Hid