CVE-2025-21928

HIGH EPSS 8.7%
Published Apr 1, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Apr 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
8.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥4.9  –  <5.4.291
linuxlinux_kernel*≥5.5  –  <5.10.235
linuxlinux_kernel*≥5.11  –  <5.15.179
linuxlinux_kernel*≥5.16  –  <6.1.131
linuxlinux_kernel*≥6.2  –  <6.6.83
linuxlinux_kernel*≥6.7  –  <6.12.19
linuxlinux_kernel*≥6.13  –  <6.13.7
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9
    Patch