6.8
CVE-2025-68656
- EPSS 0.18%
- Veröffentlicht 12.01.2026 17:23:19
- Zuletzt bearbeitet 22.01.2026 15:47:56
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginEspressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate use-after-free when processing attacker-controlled Report Descriptor lengths. This vulnerability is fixed in 1.1.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Espressif ≫ Usb Host Hid Driver Version < 1.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.08 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://github.com/espressif/esp-usb/security/advisories/GHSA-2pm2-62mr-c9x7
https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660
https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog