CVE-2025-21952 – A race condition vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-21952?

CVE-2025-21952 has a CVSS score of 5.5 (MEDIUM). A race condition vulnerability in the Linux kernel's Corsair VOID HID driver could cause kernel panics when handling battery status updates. This affects systems using Corsair VOID wireless peripherals with vulnerable kernel versions. The vulnerability requires physical access to the affected device.

📋 TL;DR

A race condition vulnerability in the Linux kernel's Corsair VOID HID driver could cause kernel panics when handling battery status updates. This affects systems using Corsair VOID wireless peripherals with vulnerable kernel versions. The vulnerability requires physical access to the affected device.

💻 Affected Systems

Products:

Linux kernel with corsair-void HID driver

Versions: Kernel versions containing the vulnerable code up to the fix

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Corsair VOID wireless peripherals connected. Requires the corsair-void driver module to be loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical reboot.

🟠

Likely Case

System instability or crash when interacting with Corsair VOID devices, particularly during battery status changes.

🟢

If Mitigated

Minor system disruption that self-resolves or requires device reconnection.

🌐 Internet-Facing: LOW - Requires physical device interaction, not remotely exploitable.

🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders with physical access to Corsair VOID devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires physical access to connect/disconnect Corsair VOID devices to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 0c28e4d1e10d2aae608094620bb386e6fd73d55e and de19c9dfb68f7c5791accc89047f92e952f57996

Vendor Advisory: https://git.kernel.org/stable/c/0c28e4d1e10d2aae608094620bb386e6fd73d55e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable corsair-void driver

linux

Prevent loading of the vulnerable driver module

echo 'blacklist corsair_void' >> /etc/modprobe.d/blacklist.conf
rmmod corsair_void

Disconnect Corsair VOID devices

all

Remove the vulnerable hardware from the system

🧯 If You Can't Patch

Disconnect all Corsair VOID wireless peripherals from affected systems
Implement physical security controls to prevent unauthorized device connections

🔍 How to Verify

Check if Vulnerable:

Check if corsair_void kernel module is loaded: lsmod | grep corsair_void

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: uname -r and verify against patched versions

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
OOM killer messages related to corsair_void

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND "corsair_void"

📊 Metadata

CVE ID: CVE-2025-21952

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.07% exploit probability (22.2th percentile)

Published: April 1, 2025

Last Updated: October 30, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON