CVE-2025-38378: 
Linux Ubuntu vulnerability analysis and mitigation

CVE-2025-38378 is a use-after-free vulnerability discovered in the Linux kernel's HID subsystem, specifically in the appletb-kbd driver. The vulnerability was disclosed on July 25, 2025, affecting the Linux kernel's touch bar keyboard functionality (NVD).

The vulnerability occurs in the appletbkbdprobe() function where a 'struct appletbkbd *kbd' is allocated via devmkzalloc() for storing touch bar keyboard data. When backlightdevicegetbyname() finds a backlight device named 'appletbbacklight', a timer (kbd->inactivitytimer) is set up and armed to run after 60 seconds. The use-after-free is triggered when a failure occurs after the timer is armed, causing the device-managed memory to be freed while the timer remains active (RedHat).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating moderate severity. The vulnerability primarily affects system availability through potential system crashes or memory corruption (RedHat).

The fix involves calling timerdeletesync() to deactivate the timer on failure paths and checking for a valid kbd->backlightdev before calling timerdeletesync in appletbkbd_remove(). This prevents the timer from remaining active and accessing freed memory (RedHat).