CVE-2025-21746
📋 TL;DR
A race condition vulnerability in the Linux kernel's Synaptics touchpad driver can cause a kernel crash when enabling pass-through ports. This affects systems using Synaptics touchpads with the vulnerable driver. The crash occurs due to improper handling of interrupts before driver binding completes.
💻 Affected Systems
- Linux kernel with Synaptics touchpad driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.
Likely Case
System crash or freeze when enabling touchpad pass-through functionality, requiring reboot.
If Mitigated
Minor system instability that self-recovers or requires manual intervention.
🎯 Exploit Status
Exploitation requires triggering a specific race condition during pass-through port initialization. No known public exploits exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 08bd5b7c9a2401faabdaa1472d45c7de0755fd7e, 3e179d3f1ada963475395d81bfe91daef4d1a24c, 87da1ea93ec9f9f0004e5b12e78789bc94e360bf, or a2cbcd70133dc0d4d4c95ad4cd5412b935354c7c
Vendor Advisory: https://git.kernel.org/stable/c/08bd5b7c9a2401faabdaa1472d45c7de0755fd7e
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Synaptics pass-through
Prevent the race condition by disabling pass-through port functionality
echo 'options psmouse proto=imps' > /etc/modprobe.d/psmouse.conf
rmmod psmouse
modprobe psmouse
🧯 If You Can't Patch
- Avoid enabling/disabling Synaptics touchpad pass-through functionality
- Implement system monitoring to detect and alert on kernel crashes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Synaptics driver is loaded: lsmod | grep psmouse && uname -r
Check Version:
uname -r
Verify Fix Applied:
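Verify kernel version includes fix commits (run in the kernel source tree; --format=%H prints full hashes, which the abbreviated --oneline output would never match): git log --format=%H | grep -E '08bd5b7c9a2401faabdaa1472d45c7de0755fd7e|3e179d3f1ada963475395d81bfe91daef4d1a24c|87da1ea93ec9f9f0004e5b12e78789bc94e360bf|a2cbcd70133dc0d4d4c95ad4cd5412b935354c7c'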
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- System crash reports related to psmouse or synaptics driver
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops") AND ("psmouse" OR "synaptics")
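A kernel crash report spans several log lines, and the crash term and the driver name usually sit on different lines, so the query above finds nothing if each line is ingested as a separate event. The sketch below is an added example, not part of the advisory: it groups each report into one block before applying the same two term sets. The log lines are constructed, and the frame and module names in them are placeholders, not the real trace for this CVE.

```python
import re

CRASH = re.compile(r"panic|Oops", re.I)          # crash terms from the SIEM query
DRIVER = re.compile(r"psmouse|synaptics", re.I)  # driver terms from the SIEM query
END = re.compile(r"---\[ end trace")             # marker that closes an oops report

# Constructed sample input; frame and module names are placeholders.
SAMPLE_LOG = """\
Feb 10 09:14:01 host kernel: psmouse serio1: synaptics: Touchpad model: 1, fw: 8.1
Feb 10 09:14:02 host kernel: Oops: 0000 [#1] SMP
Feb 10 09:14:02 host kernel: Call Trace:
Feb 10 09:14:02 host kernel:  example_frame+0x1a/0x40 [psmouse]
Feb 10 09:14:02 host kernel: Modules linked in: psmouse example_mod
Feb 10 09:14:02 host kernel: ---[ end trace 0000000000000000 ]---
Feb 10 11:30:10 host kernel: Oops: 0002 [#1] SMP
Feb 10 11:30:10 host kernel:  other_frame+0x10/0x20 [example_mod]
Feb 10 11:30:10 host kernel: ---[ end trace 0000000000000000 ]---
"""

def per_line_hits(log):
    """Per-event reading of the query: both term sets on the same line."""
    return [l for l in log.splitlines() if CRASH.search(l) and DRIVER.search(l)]

def crash_blocks(log):
    """Group each crash report into a block; keep blocks that name the driver."""
    blocks, current = [], None
    for line in log.splitlines():
        if current is None and CRASH.search(line):
            current = []                 # a crash line opens a new block
        if current is not None:
            current.append(line)
            if END.search(line):         # end-of-trace marker closes it
                blocks.append(current)
                current = None
    if current:                          # log cut off by the crash itself
        blocks.append(current)
    return [b for b in blocks if any(DRIVER.search(l) for l in b)]

if __name__ == "__main__":
    print("per-line hits:", len(per_line_hits(SAMPLE_LOG)))
    for block in crash_blocks(SAMPLE_LOG):
        print("\n".join(block))
```

In a SIEM the equivalent is to correlate kernel events from the same host within a short time window instead of matching a single event.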