Use-after-free Vulnerability in Intel ISHTP HID Driver for Linux Kernel
CVE-2025-21929

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 April 2025

Summary

A use-after-free vulnerability exists in the Intel ISHTP HID driver in the Linux kernel during the rmmod operation. The issue arises in hid_ishtp_cl_remove() because of the order in which its teardown functions are called: the ISHTP-level disconnection ran before the HID-level power off, leaving the HID teardown to touch resources that had already been released. This can potentially allow an attacker to access freed memory or resources, leading to a range of exploit scenarios. The vulnerability has been mitigated by adjusting the sequence of function calls so that the HID-level power off occurs before the ISHTP-level disconnection, improving memory safety.
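The ordering fix described above is a general pattern: a consumer layer must be quiesced before the provider layer releases the resources it points at. The following is an added illustrative model, not the Linux driver's code; all names (hid_ishtp_cl_data, cl_buf, remove_buggy, remove_fixed, tracked_alloc) are hypothetical. It uses a tiny tracked pool instead of malloc/free so that a stale handle is recognised and reported rather than actually dereferenced, and then shows the two removal orders side by side.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_OBJS 8

/* Tracked pool: every object carries an alive flag, so a stale handle can be
 * recognised instead of being dereferenced (a crude stand-in for what a
 * sanitizer such as KASAN would report). Hypothetical, not a kernel API. */
struct tracked {
    int alive;
    int uses;
};

static struct tracked pool[MAX_OBJS];

static struct tracked *tracked_alloc(void)
{
    for (int i = 0; i < MAX_OBJS; i++) {
        if (!pool[i].alive) {
            pool[i].alive = 1;
            pool[i].uses = 0;
            return &pool[i];
        }
    }
    return NULL;
}

static void tracked_free(struct tracked *o)
{
    o->alive = 0;
}

/* Returns 0 on a valid use, -1 if the object was already released. */
static int tracked_use(struct tracked *o)
{
    if (!o->alive) {
        fprintf(stderr, "use-after-free detected on %p\n", (void *)o);
        return -1;
    }
    o->uses++;
    return 0;
}

/* Upper (HID) layer bound on top of a lower (ISHTP) client. cl_buf models a
 * buffer owned by the ISHTP client that the HID layer still references. */
struct hid_ishtp_cl_data {
    struct tracked *cl_buf;
    int hid_on;
};

/* Probe: allocate the client-owned resource and power the HID layer on. */
int hid_ishtp_probe(struct hid_ishtp_cl_data *d)
{
    d->cl_buf = tracked_alloc();
    if (!d->cl_buf)
        return -1;
    d->hid_on = 1;
    return 0;
}

/* Lower-layer teardown: releases the resource the HID layer points at. */
static void ishtp_level_disconnect(struct hid_ishtp_cl_data *d)
{
    tracked_free(d->cl_buf);
}

/* Upper-layer teardown: sends a power-off through the client, which means
 * touching cl_buf. Must therefore run while cl_buf is still alive. */
static int hid_level_power_off(struct hid_ishtp_cl_data *d)
{
    int rc = tracked_use(d->cl_buf);
    if (rc == 0)
        d->hid_on = 0;
    return rc;
}

/* Wrong order: provider torn down first, consumer touches freed resource. */
int remove_buggy(struct hid_ishtp_cl_data *d)
{
    ishtp_level_disconnect(d);
    return hid_level_power_off(d);   /* returns -1: stale cl_buf */
}

/* Corrected order: consumer powered off first, then provider disconnected. */
int remove_fixed(struct hid_ishtp_cl_data *d)
{
    int rc = hid_level_power_off(d);  /* cl_buf still alive here */
    ishtp_level_disconnect(d);
    return rc;                        /* returns 0 */
}

int main(void)
{
    struct hid_ishtp_cl_data a, b;
    hid_ishtp_probe(&a);
    printf("buggy order: rc=%d\n", remove_buggy(&a));
    hid_ishtp_probe(&b);
    printf("fixed order: rc=%d\n", remove_fixed(&b));
    return 0;
}
```

The point to carry over to real driver review: whenever a remove path unwinds several layers, check that each step only touches objects that a later step releases, never an earlier one.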

Affected Version(s)

Linux f645a90e8ff732c48dd9f18815baef08c44ac8a0 < 9c677fe859a73f5dd3dd84c27f99e10d28047c73

Linux f645a90e8ff732c48dd9f18815baef08c44ac8a0

Linux f645a90e8ff732c48dd9f18815baef08c44ac8a0 < 823987841424289339fdb4ba90e6d2c3792836db

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
