CVE-2025-39806

7.1 HIGH

📋 TL;DR

This vulnerability allows a malicious HID device to trigger a slab out-of-bounds memory access in the Linux kernel's multitouch driver. Attackers could potentially cause kernel crashes or achieve arbitrary code execution by connecting specially crafted USB devices. All Linux systems using the affected kernel versions are vulnerable when connecting untrusted HID devices.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but includes versions before the fix commits listed in references
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires multitouch HID driver to be loaded and malicious USB device connection. Most desktop/laptop systems with USB ports are vulnerable by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠

Likely Case

Kernel crash/panic causing system instability or denial of service when connecting malicious HID devices.

🟢

If Mitigated

No impact if proper USB device restrictions are in place and untrusted devices cannot be connected.

🌐 Internet-Facing: LOW - This requires physical or local USB device access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised workstations could exploit this by connecting malicious USB devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical access or ability to connect USB devices. No authentication needed once device is connected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0379eb8691b9c4477da0277ae0832036ca4410b4, 3055309821dd3da92888f88bad10f0324c3c89fe, 4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d, 7ab7311c43ae19c66c53ccd8c5052a9072a4e338, c13e95587583d018cfbcc277df7e02d41902ac5a

Vendor Advisory: https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable automatic loading of the USB HID and multitouch drivers

Prevent automatic loading of HID drivers when USB devices are connected

# hid-multitouch is the driver containing mt_report_fixup(); an "install ... /bin/true" rule makes modprobe skip loading it
echo 'install hid-multitouch /bin/true' >> /etc/modprobe.d/disable-usb.conf
# Also block alias-based autoload of the USB HID transport driver (this disables USB keyboards and mice as well)
echo 'blacklist usbhid' >> /etc/modprobe.d/blacklist.conf
# Rebuild the initramfs so the rules apply from boot (Debian/Ubuntu; dracut-based distributions use `dracut -f` instead)
update-initramfs -u

Restrict USB device access

Use udev rules to restrict access to USB devices

# Limits userspace access to the USB device nodes to group "trusted"; it does not stop the kernel itself from binding hid-multitouch to a newly attached device
echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="*", ATTR{idProduct}=="*", MODE="0660", GROUP="trusted"' > /etc/udev/rules.d/99-usb-restrict.rules
# Load the new rule without rebooting
udevadm control --reload-rules

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized USB device connections
  • Use USB port blockers or disable USB ports in BIOS/UEFI for non-essential systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version against your distribution's security advisories; the system is vulnerable if the running kernel predates the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update: uname -r should show patched version. Verify multitouch driver loads without errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • KASAN reports of slab out-of-bounds in mt_report_fixup()
  • USB device connection errors followed by system instability

Network Indicators:

  • No network indicators - this is a local physical attack vector

SIEM Query:

source="kernel" AND ("KASAN: slab-out-of-bounds" OR "mt_report_fixup" OR "BUG: kernel NULL pointer dereference")
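As an added detection example (not part of this advisory and not code from the kernel project), the following POSIX shell function runs over a kernel log and reports only those KASAN slab-out-of-bounds reports whose text names mt_report_fixup(), pairing each with the USB enumeration line that preceded it. That covers the first two log indicators above and is narrower than the SIEM query, which also fires on every NULL-pointer dereference. The lines in SAMPLE_LOG are constructed for illustration; the timestamps, bus addresses, task name and module-name format are assumptions, not output captured from a real incident.

```shell
#!/bin/sh
# Added example, not from the advisory: flag KASAN slab-out-of-bounds reports
# that name mt_report_fixup() and pair each with the USB device enumeration
# line that preceded it. The log is assumed to use the usual dmesg/kern.log
# "[ seconds ] message" layout.

# scan_mt_kasan LOGFILE
#   Prints "<usb enumeration line> | <KASAN header line>" per hit.
#   Exit status 0 if at least one hit was found, 1 otherwise.
scan_mt_kasan() {
    awk '
        # Remember the most recent USB device enumeration message
        /usb [0-9.-]+: new .*USB device number/ { last_usb = $0 }
        # A KASAN header opens a report; keep its text until the trace ends
        /KASAN: slab-out-of-bounds/ { in_report = 1; kasan = $0 }
        # Any line of the open report that names the multitouch fixup is a hit
        in_report && /mt_report_fixup/ {
            src = (last_usb == "" ? "<no usb line seen>" : last_usb)
            print src " | " kasan
            hits++
            in_report = 0
        }
        # End-of-trace marker closes a report that never named the function
        /---\[ end trace/ { in_report = 0 }
        END { exit (hits > 0 ? 0 : 1) }
    ' "$1"
}

# Constructed sample log: one multitouch KASAN report after a USB plug-in
# event, followed by an unrelated KASAN report that must not be counted.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[   12.001] usb 1-2: new full-speed USB device number 3 using xhci_hcd
[   12.120] usb 1-2: New USB device found, idVendor=0000, idProduct=0000
[   12.300] hid-multitouch 0003:0000:0000.0001: input,hidraw0: USB HID v1.10 Device
[   12.410] ==================================================================
[   12.411] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x1c0/0x200 [hid_multitouch]
[   12.412] Read of size 1 at addr ffff888012345678 by task systemd-udevd/412
[   12.415] Call Trace:
[   12.416]  mt_report_fixup+0x1c0/0x200 [hid_multitouch]
[   12.420] ---[ end trace 0000000000000000 ]---
[   30.000] usb 1-3: new high-speed USB device number 4 using xhci_hcd
[   31.000] BUG: KASAN: slab-out-of-bounds in unrelated_fn+0x10/0x20
[   31.001] Call Trace:
[   31.002]  unrelated_fn+0x10/0x20
[   31.010] ---[ end trace 0000000000000000 ]---
EOF

# Usage: exit status tells a cron job or log shipper whether to raise an alert
scan_mt_kasan "$SAMPLE_LOG"
```

Run it against `/var/log/kern.log` or the output of `dmesg` saved to a file; the second (unrelated) report in the sample is deliberately ignored so the check does not page on every KASAN splat.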
