PT-2025-14309 · Linux+11 · Linux Kernel+11

Published 2025-04-01 · Updated 2026-04-20 · CVE-2025-21928

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue in the ishtp_hid_remove() function can cause the system to experience a random crash a few minutes after the driver is removed. This occurs due to improper handling of memory freeing, where the driver data is freed directly within the loop that destroys the HID devices, leading to accessing freed memory. Specifically, hid_destroy_device() uses driver data when it calls hid_ishtp_set_feature() to power off the sensor, so freeing driver data beforehand can result in accessing invalid memory.
Recommendations: To resolve the issue, store the driver data in a temporary variable before calling hid_destroy_device(), and then free the driver data after the device is destroyed. As a temporary workaround, consider disabling the ishtp_hid_remove() function until a patch is available. Restrict access to the hid_destroy_device() function to minimize the risk of exploitation. Avoid using the driver data variable in the affected ishtp_hid_remove() function until the issue is resolved.
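
The two teardown orderings from the description and the first recommendation, as an added userspace model in C (not the kernel's code and not the actual patch). `model_free`, `model_destroy`, the pools and the device count are hypothetical stand-ins, and freeing is modelled as a liveness flag so that a stale access is counted instead of faulting.

```c
#include <stdbool.h>
#include <stddef.h>

#define NDEV 3                                /* constructed device count */
struct drv_data { bool live, powered; };      /* stand-in for the driver data */
struct hid_dev  { struct drv_data *driver_data; };
static struct drv_data data_pool[NDEV];
static struct hid_dev  dev_pool[NDEV], *hubs[NDEV];
static int stale_uses;                        /* accesses to freed driver data */

/* Model of freeing: mark the object dead so later use can be detected. */
static void model_free(struct drv_data *d) { d->live = false; }

/* Model of device destruction: powers the sensor off through the driver
 * data; afterwards the device object no longer exposes that pointer. */
static void model_destroy(struct hid_dev *h) {
    if (h->driver_data->live) h->driver_data->powered = false;
    else stale_uses++;                        /* the use-after-free condition */
    h->driver_data = NULL;
}

static void setup(void) {
    stale_uses = 0;
    for (int i = 0; i < NDEV; i++) {
        data_pool[i] = (struct drv_data){ true, true };
        dev_pool[i].driver_data = &data_pool[i];
        hubs[i] = &dev_pool[i];
    }
}

/* Ordering the description reports: free first, destroy second. */
int remove_free_then_destroy(void) {
    setup();
    for (int i = 0; i < NDEV; i++) {
        model_free(hubs[i]->driver_data);
        model_destroy(hubs[i]);               /* touches freed driver data */
        hubs[i] = NULL;
    }
    return stale_uses;
}

/* Ordering the recommendation gives: save the pointer, destroy, then free. */
int remove_destroy_then_free(void) {
    setup();
    for (int i = 0; i < NDEV; i++) {
        struct drv_data *data = hubs[i]->driver_data;  /* temporary variable */
        model_destroy(hubs[i]);               /* driver data still live here */
        model_free(data);
        hubs[i] = NULL;
    }
    return stale_uses;
}
```

The temporary pointer is needed because the device object cannot be consulted for its driver data once it has been destroyed.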

Exploit

Fix

DoS

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025:12662
ALSA-2025:12746
ALSA-2025:12752
ALSA-2025:12753
ALT-PU-2025-12647
ALT-PU-2025-5437
ALT-PU-2025-5786
BDU:2025-11776
CESA-2025_12752
CESA-2025_12753
CVE-2025-21928
DLA-4178-1
DLA-4193-1
DSA-5900-1
ECHO-5AC1-B804-2219
INFSA-2025_12746
INFSA-2025_12752
INFSA-2025_12753
OESA-2025-1433
OESA-2025-1434
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
RHSA-2025:12662
RHSA-2025:12746
RHSA-2025:12752
RHSA-2025:12753
RHSA-2025:13029
RHSA-2025:13030
RHSA-2025:13061
RHSA-2025:13120
RHSA-2025:13135
RHSA-2025:13633
RHSA-2025:13776
RHSA-2025:13781
RHSA-2025:14136
RHSA-2025:14746
RHSA-2025:14748
RHSA-2025_12746
RHSA-2025_12752
RHSA-2025_12753
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20206-1
SUSE-SU-2025:20270-1
SUSE-SU-2025:20283-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_02846-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7516-1
USN-7516-2
USN-7516-3
USN-7516-4
USN-7516-5
USN-7516-6
USN-7516-7
USN-7516-8
USN-7516-9
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7539-1
USN-7540-1
USN-7593-1
USN-7602-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7640-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu