PT-2026-2284 · Espressif · Esp-Idf

Published: 2026-01-12 · Updated: 2026-04-17 · CVE-2025-68656

CVSS v3.1: 6.8 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF versions prior to 1.1.0

Description: The USB Host HID (Human Interface Device) Driver in ESP-IDF allows access to HID devices. A flaw exists in the usb_class_request_get_descriptor() function: when an oversized descriptor is requested, it frees and reallocates hid_device->ctrl_xfer but continues to use a stale local pointer to the old allocation. This results in a use-after-free condition when processing Report Descriptor lengths controlled by an attacker. The vulnerable function is usb_class_request_get_descriptor().

Recommendations: Update to version 1.1.0 or later.
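The description above boils down to one pattern: a local alias of a heap object is taken, the object is freed and replaced, and the alias is used afterwards. The following is an added illustration of that pattern and of the reload-after-reallocation fix, written for this page and not ESP-IDF's own code; the types and names (ctrl_xfer_t, hid_dev_t, hid_dev_create, ctrl_xfer_regrow, the wlength parameter) are assumptions chosen to mirror the description, not identifiers from the driver.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the state involved, not ESP-IDF's real types: a device
 * owns one control transfer whose buffer may have to grow for a large descriptor. */
typedef struct { uint8_t *buf; size_t capacity; } ctrl_xfer_t;
typedef struct { ctrl_xfer_t *ctrl_xfer; } hid_dev_t;

/* Allocate a device whose control transfer holds `capacity` bytes. */
hid_dev_t *hid_dev_create(size_t capacity) {
    hid_dev_t *dev = malloc(sizeof *dev);
    ctrl_xfer_t *xfer = malloc(sizeof *xfer);
    uint8_t *buf = calloc(capacity, 1);
    if (!dev || !xfer || !buf) { free(dev); free(xfer); free(buf); return NULL; }
    xfer->buf = buf; xfer->capacity = capacity; dev->ctrl_xfer = xfer;
    return dev;
}

/* Free dev->ctrl_xfer and replace it with one holding `needed` bytes.
 * Any pointer to the old transfer is dangling after this returns. */
int ctrl_xfer_regrow(hid_dev_t *dev, size_t needed) {
    ctrl_xfer_t *xfer = malloc(sizeof *xfer);
    if (!xfer) return -1;
    xfer->buf = calloc(needed, 1);
    if (!xfer->buf) { free(xfer); return -1; }
    xfer->capacity = needed;
    free(dev->ctrl_xfer->buf);
    free(dev->ctrl_xfer);
    dev->ctrl_xfer = xfer;
    return 0;
}

/* Vulnerable shape: the alias is taken before the regrow and reused after it,
 * so a request longer than the current buffer dereferences freed memory. */
int get_descriptor_stale(hid_dev_t *dev, uint16_t wlength) {
    ctrl_xfer_t *xfer = dev->ctrl_xfer;                 /* alias taken here */
    if (wlength > xfer->capacity && ctrl_xfer_regrow(dev, wlength) != 0)
        return -1;
    memset(xfer->buf, 0, wlength);                      /* use after free */
    return 0;
}

/* Fixed shape: take the alias only after every call that may replace the transfer. */
ctrl_xfer_t *get_descriptor_fixed(hid_dev_t *dev, uint16_t wlength) {
    if (wlength > dev->ctrl_xfer->capacity && ctrl_xfer_regrow(dev, wlength) != 0)
        return NULL;
    ctrl_xfer_t *xfer = dev->ctrl_xfer;                 /* current, never stale */
    memset(xfer->buf, 0, wlength);
    return xfer;
}
```

The stale variant is included for reading only; the fixed variant is the one to exercise, and a review check for this bug class is to look for any local pointer taken before a call that can free and replace the object it points at.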

Weakness Enumeration: Use After Free

Related Identifiers: CVE-2025-68656, GHSA-2PM2-62MR-C9X7

Affected Products: Esp-Idf