1.6 KiB
CVE-2025-21928
Description
In the Linux kernel, the following vulnerability has been resolved:HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()The system can experience a random crash a few minutes after the driver isremoved. This issue occurs due to improper handling of memory freeing inthe ishtp_hid_remove() function.The function currently frees the driver_data directly within the loopthat destroys the HID devices, which can lead to accessing freed memory.Specifically, hid_destroy_device() uses driver_data when it callshid_ishtp_set_feature() to power off the sensor, so freeingdriver_data beforehand can result in accessing invalid memory.This patch resolves the issue by storing the driver_data in a temporaryvariable before calling hid_destroy_device(), and then freeing thedriver_data after the device is destroyed.
POC
Reference
No PoCs from references.