Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2025 / CVE-2025-21923.json
blob: d9b7141ba7db10bba5be7347eda6d9af36f56025 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/hid/hid-steam.c"
],
"versions": [
{
"version": "e1147961b2145fa61c3078a4a797d9576cde91ab",
"lessThan": "026714ec7546de741826324a6a1914c91024d06c",
"status": "affected",
"versionType": "git"
},
{
"version": "3e38cbbfa0a128a9d64773240a9eb3bc7bae3b1a",
"lessThan": "a899adf7063c6745aaff1ec869f3c7f6329ed0a1",
"status": "affected",
"versionType": "git"
},
{
"version": "053fa3888d2a957f4db26c05e503f4c6b9570a30",
"lessThan": "ea3f18d2f02629653b7bfe42607737ccd1343e54",
"status": "affected",
"versionType": "git"
},
{
"version": "79504249d7e27cad4a3eeb9afc6386e418728ce0",
"lessThan": "e53fc232a65f7488ab75d03a5b95f06aaada7262",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/hid/hid-steam.c"
],
"versions": [
{
"version": "6.6.79",
"lessThan": "6.6.83",
"status": "affected",
"versionType": "semver"
},
{
"version": "6.12.16",
"lessThan": "6.12.19",
"status": "affected",
"versionType": "semver"
},
{
"version": "6.13.4",
"lessThan": "6.13.7",
"status": "affected",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.79",
"versionEndExcluding": "6.6.83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12.16",
"versionEndExcluding": "6.12.19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13.4",
"versionEndExcluding": "6.13.7"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/026714ec7546de741826324a6a1914c91024d06c"
},
{
"url": "https://git.kernel.org/stable/c/a899adf7063c6745aaff1ec869f3c7f6329ed0a1"
},
{
"url": "https://git.kernel.org/stable/c/ea3f18d2f02629653b7bfe42607737ccd1343e54"
},
{
"url": "https://git.kernel.org/stable/c/e53fc232a65f7488ab75d03a5b95f06aaada7262"
}
],
"title": "HID: hid-steam: Fix use-after-free when detaching device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2025-21923",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}