PT-2025-37969 · Linux+5 · Linux Kernel+5

Published 2025-01-01 · Updated 2026-05-07 · CVE-2025-39824

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free vulnerability exists in the Linux kernel's HID (Human Interface Device) processing, specifically in the handling of ASUS ROG N-Key keyboards. A maliciously crafted HID descriptor that uses the HID_UP_UNDEFINED Usage Page can trigger the vulnerability. The capability bitmaps may not be properly set during usage configuration, which leads to the input device being freed and the freed memory then being used when the device name is written. This can lead to a system crash, as demonstrated by a KASAN (Kernel Address Sanitizer) splat.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

AZL-67422
AZL-74721
BDU:2025-15261
CVE-2025-39824
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-EADF-C48D-2CDE
OESA-2025-2465
OESA-2025-2466
OESA-2025-2467
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Asus Rog N-Key
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu