Linux Kernel ASUS WMI Driver Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's ASUS WMI driver management. The issue arises because the 'asus_wmi_register_driver()' function can be invoked concurrently by multiple drivers. This can lead to race conditions in list operations, potentially corrupting memory and causing system errors on certain ASUS machines. Additionally, the current implementation lacks proper error handling, failing to unregister ACPI lps0 device operations when an error occurs. The vulnerability has been addressed by introducing a mutex to synchronize driver registrations and unregistrations, and by ensuring that the 'asus_s2idle_check_unregister()' function is called in the event of an error.

Impact

Exploitation of this vulnerability can lead to memory corruption and system crashes on affected ASUS machines.

Added: Sep 19, 2025, 5:16 PM

Updated: Sep 19, 2025, 5:16 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ASUS WMI Driver Race Condition Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating