Linux Kernel Nintendo HID Rumble Worker Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's HID Nintendo driver. This issue arises when the driver attempts to queue work to a workqueue that has already been destroyed. Specifically, when a device is disconnected, the 'nintendo_hid_remove' function is called, which destroys the 'rumble_queue'. The vulnerability can be exploited by deferring rumble work after the controller state is set to 'JOYCON_CTLR_STATE_REMOVED', leading to the null pointer dereference.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or denial of service condition.

Added: Jun 18, 2025, 9:22 PM

Updated: Jun 18, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Nintendo HID Rumble Worker Null Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating