CVE-2025-21746: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21746 affects the Linux kernel's Synaptics touchpad driver, specifically related to the pass-through port functionality. The vulnerability was discovered in early 2025 and involves a potential crash when enabling the pass-through port feature (Kernel Git).

The vulnerability occurs when an interrupt arrives before the psmouse driver binds to the pass-through port. The Synaptics sub-driver attempts to access the psmouse instance associated with the pass-through port to determine packet forwarding requirements, but may crash if the psmouse instance hasn't been attached to the port yet. The issue stems from improper validation of the port state before accessing the psmouse instance (Kernel Git).

When exploited, this vulnerability can cause a system crash due to invalid memory access when enabling the pass-through port feature on Synaptics touchpad devices (Kernel Git).

The issue has been fixed by introducing open() and close() methods for the port and implementing proper state checking. The fix ensures that the port's state is verified before attempting to access the psmouse instance. Because psmouse calls serio_open() only after attaching the psmouse instance to the serio port instance, this prevents the potential crash (Kernel Git).