logo_clicknbuy.png

CVE-2025-38507 – Nintendo Bluetooth HID Stall and Panic Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38507 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 16, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    HID: nintendo: avoid bluetooth suspend/resume stalls

    Ensure we don’t stall or panic the kernel when using bluetooth-connected
    controllers. This was reported as an issue on android devices using
    kernel 6.6 due to the resume hook which had been added for usb joycons.

    First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a
    newly-added nintendo_hid_suspend. This makes sure we will not stall out
    the kernel waiting for input reports during led classdev suspend. The
    stalls could happen if connectivity is unreliable or lost to the
    controller prior to suspend.

    Second, since we lose connectivity during suspend, do not try
    joycon_init() for bluetooth controllers in the nintendo_hid_resume path.

    Tested via multiple suspend/resume flows when using the controller both
    in USB and bluetooth modes.
    Added Reference https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff
    Added Reference https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a
    Added Reference https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08
Share the Post:

Related Posts