NVD

CVE-2025-21928 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60	Patch
https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f	Patch
https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d	Patch
https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada	Patch
https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394	Patch
https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625	Patch
https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e	Patch
https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.9	Up to (excluding) 5.4.291
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.5	Up to (excluding) 5.10.235
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.11	Up to (excluding) 5.15.179
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.16	Up to (excluding) 6.1.131
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.2	Up to (excluding) 6.6.83
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.7	Up to (excluding) 6.12.19
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.13	Up to (excluding) 6.13.7
cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 4/11/2025 9:11:28 AM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-416
Added	CPE Configuration	Record truncated, showing 500 of 1094 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::* cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.179 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.235 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9 Types: Patch

New CVE Received from kernel.org 4/01/2025 12:15:23 PM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 849 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()`
Added	Reference	https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60
Added	Reference	https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f
Added	Reference	https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d
Added	Reference	https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada
Added	Reference	https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394
Added	Reference	https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625
Added	Reference	https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e
Added	Reference	https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9

Quick Info

CVE Dictionary Entry:
CVE-2025-21928
NVD Published Date:
04/01/2025
NVD Last Modified:
04/11/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2025-21928 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 4/11/2025 9:11:28 AM

New CVE Received from kernel.org 4/01/2025 12:15:23 PM

Quick Info