7.8
CVE-2025-21928
- EPSS 0.2%
- Veröffentlicht 01.04.2025 16:15:23
- Zuletzt bearbeitet 03.11.2025 20:17:29
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.9 < 5.4.291
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.235
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.179
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.131
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.83
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.19
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.7
Linux ≫ Linux Kernel Version6.14 Updaterc1
Linux ≫ Linux Kernel Version6.14 Updaterc2
Linux ≫ Linux Kernel Version6.14 Updaterc3
Linux ≫ Linux Kernel Version6.14 Updaterc4
Linux ≫ Linux Kernel Version6.14 Updaterc5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.104 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60
https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f
https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d
https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada
https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394
https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625
https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e
https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html