CVE-2025-38507

EPSS 0.02%
Published 16.08.2025 10:54:44
Last modified 18.08.2025 20:16:28
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: avoid bluetooth suspend/resume stalls

Ensure we don't stall or panic the kernel when using bluetooth-connected
controllers. This was reported as an issue on android devices using
kernel 6.6 due to the resume hook which had been added for usb joycons.

First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a
newly-added nintendo_hid_suspend. This makes sure we will not stall out
the kernel waiting for input reports during led classdev suspend. The
stalls could happen if connectivity is unreliable or lost to the
controller prior to suspend.

Second, since we lose connectivity during suspend, do not try
joycon_init() for bluetooth controllers in the nintendo_hid_resume path.

Tested via multiple suspend/resume flows when using the controller both
in USB and bluetooth modes.

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 7b4a026313529a487821ef6ab494a61f12c1db08

Version 2af16c1f846bd60240745bbd3afa13d5f040c61a

Status affected

Version < 72cb7eef06a5cde42b324dea85fa11fd5bb6a08a

Version 2af16c1f846bd60240745bbd3afa13d5f040c61a

Status affected

Version < 4a0381080397e77792a5168069f174d3e56175ff

Version 2af16c1f846bd60240745bbd3afa13d5f040c61a

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.16

Status affected

Version < 5.16

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.39

Status unaffected

Version <= 6.15.*

Version 6.15.7

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08

https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a

https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff

https://nvd.nist.gov/vuln/detail/CVE-2025-38507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38507

EUVD