CVE-2025-38507

Severity: Medium · CVSS 3.1: 5.5 · EPSS 3.3%
Published Aug 16, 2025 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: avoid bluetooth suspend/resume stalls

Ensure we don't stall or panic the kernel when using Bluetooth-connected controllers. This was reported as an issue on Android devices using kernel 6.6 due to the resume hook which had been added for USB joycons.

First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a newly-added nintendo_hid_suspend. This makes sure we will not stall out the kernel waiting for input reports during LED classdev suspend. The stalls could happen if connectivity is unreliable or lost to the controller prior to suspend.

Second, since we lose connectivity during suspend, do not try joycon_init() for Bluetooth controllers in the nintendo_hid_resume path.

Tested via multiple suspend/resume flows when using the controller both in USB and Bluetooth modes.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
3.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.16 – <6.12.39
linux    linux_kernel   *         ≥6.13 – <6.15.7
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08
    Patch