Use-After-Free Vulnerability in Corsair Void Headset by Linux Kernel
CVE-2025-21797

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A use-after-free vulnerability was discovered in the Linux kernel's handling of Corsair Void headsets. This flaw arose from a missed call to cancel_delayed_work_sync() within the corsair_void_remove() function. As a result, this could potentially lead to unexpected behavior or system crashes, presenting an opportunity for an attacker to exploit the vulnerability. It is essential for users of affected kernel versions to update to the latest releases where this issue has been resolved.

Affected Version(s)

Linux 6ea2a6fd3872e60a4d500b548ad65ed94e459ddd < 2dcb56a0a4da6946f6c18288da595c13e0d2af86

Linux 6ea2a6fd3872e60a4d500b548ad65ed94e459ddd < 48e487b002891eb0aeaec704c9bed51f028deff1

Linux 6.13

References

https://git.kernel.org/stable/c/2dcb56a0a4da6946f6c18288d...

https://git.kernel.org/stable/c/48e487b002891eb0aeaec704c...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024