Volerion logoVolerion
Volerion logoVolerion

Linux Kernel EXC3000 Driver Unbind Timer Handling Vulnerability

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's EXC3000 multi-touch driver. This issue arose because the driver did not properly stop a scheduled timer during the unbinding process or in the event of a probe failure. As a result, the timer could be deleted while still in use, leading to a use-after-free condition and a subsequent kernel oops.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, causing a kernel oops, which is a general protection fault indicating that the kernel has encountered an unexpected condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: Oct 7, 2025, 5:26 PM
Updated: Oct 7, 2025, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.3
remediation
7.7
relevance
0.6
threat
3.2
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.