5.5

CVE-2025-21917

usb: renesas_usbhs: Flush the notify_hotplug_work

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas_usbhs: Flush the notify_hotplug_work

When performing continuous unbind/bind operations on the USB drivers
available on the Renesas RZ/G2L SoC, a kernel crash with the message
"Unable to handle kernel NULL pointer dereference at virtual address"
may occur. This issue points to the usbhsc_notify_hotplug() function.

Flush the delayed work to avoid its execution when driver resources are
unavailable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.0 < 5.4.291
LinuxLinux Kernel Version >= 5.5 < 5.10.235
LinuxLinux Kernel Version >= 5.11 < 5.15.179
LinuxLinux Kernel Version >= 5.16 < 6.1.131
LinuxLinux Kernel Version >= 6.2 < 6.6.83
LinuxLinux Kernel Version >= 6.7 < 6.12.19
LinuxLinux Kernel Version >= 6.13 < 6.13.7
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
LinuxLinux Kernel Version6.14 Updaterc3
LinuxLinux Kernel Version6.14 Updaterc4
LinuxLinux Kernel Version6.14 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/3248c1f833f924246cb98ce7da4569133c1b2292
Patch
https://git.kernel.org/stable/c/394965f90454d6f00fe11879142b720c6c1a872e
Patch
https://git.kernel.org/stable/c/4ca078084cdd5f32d533311d6a0b63a60dcadd41
Patch
https://git.kernel.org/stable/c/4cd847a7b630a85493d0294ad9542c21aafaa246
Patch
https://git.kernel.org/stable/c/552ca6b87e3778f3dd5b87842f95138162e16c82
Patch
https://git.kernel.org/stable/c/830818c8e70c0364e377f0c243b28061ef7967eb
Patch
https://git.kernel.org/stable/c/d50f5c0cd949593eb9a3d822b34d7b50046a06b7
Patch
https://git.kernel.org/stable/c/e5aac1c9b2974636db7ce796ffa6de88fa08335e
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html