Unrated severityNVD Advisory· Published Apr 1, 2025· Updated May 4, 2025

HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()

CVE-2025-21929

Description

In the Linux kernel, the following vulnerability has been resolved:

During the rmmod operation for the intel_ishtp_hid driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(), which can lead to accessing freed memory or resources during the removal process.

Call Trace: ? ishtp_cl_send+0x168/0x220 [intel_ishtp] ? hid_output_report+0xe3/0x150 [hid] hid_ishtp_set_feature+0xb5/0x120 [intel_ishtp_hid] ishtp_hid_request+0x7b/0xb0 [intel_ishtp_hid] hid_hw_request+0x1f/0x40 [hid] sensor_hub_set_feature+0x11f/0x190 [hid_sensor_hub] _hid_sensor_power_state+0x147/0x1e0 [hid_sensor_trigger] hid_sensor_runtime_resume+0x22/0x30 [hid_sensor_trigger] sensor_hub_remove+0xa8/0xe0 [hid_sensor_hub] hid_device_remove+0x49/0xb0 [hid] hid_destroy_device+0x6f/0x90 [hid] ishtp_hid_remove+0x42/0x70 [intel_ishtp_hid] hid_ishtp_cl_remove+0x6b/0xb0 [intel_ishtp_hid] ishtp_cl_device_remove+0x4a/0x60 [intel_ishtp] ...

Additionally, ishtp_hid_remove() is a HID level power off, which should occur before the ISHTP level disconnect.

This patch resolves the issue by reordering the calls in hid_ishtp_cl_remove(). The function ishtp_hid_remove() is now called before hid_ishtp_cl_deinit().

Affected products

100

Linux/Linux Kernel Rtllm-fuzzy
osv-coords98 versions
pkg:rpm/almalinux/kernel pkg:rpm/almalinux/kernel-64k pkg:rpm/almalinux/kernel-64k-core pkg:rpm/almalinux/kernel-64k-debug pkg:rpm/almalinux/kernel-64k-debug-core pkg:rpm/almalinux/kernel-64k-debug-devel pkg:rpm/almalinux/kernel-64k-debug-devel-matched pkg:rpm/almalinux/kernel-64k-debug-modules pkg:rpm/almalinux/kernel-64k-debug-modules-core pkg:rpm/almalinux/kernel-64k-debug-modules-extra pkg:rpm/almalinux/kernel-64k-devel pkg:rpm/almalinux/kernel-64k-devel-matched pkg:rpm/almalinux/kernel-64k-modules pkg:rpm/almalinux/kernel-64k-modules-core pkg:rpm/almalinux/kernel-64k-modules-extra pkg:rpm/almalinux/kernel-abi-stablelists pkg:rpm/almalinux/kernel-core pkg:rpm/almalinux/kernel-cross-headers pkg:rpm/almalinux/kernel-debug pkg:rpm/almalinux/kernel-debug-core pkg:rpm/almalinux/kernel-debug-devel pkg:rpm/almalinux/kernel-debug-devel-matched pkg:rpm/almalinux/kernel-debug-modules pkg:rpm/almalinux/kernel-debug-modules-core pkg:rpm/almalinux/kernel-debug-modules-extra pkg:rpm/almalinux/kernel-debug-uki-virt pkg:rpm/almalinux/kernel-devel pkg:rpm/almalinux/kernel-devel-matched pkg:rpm/almalinux/kernel-doc pkg:rpm/almalinux/kernel-headers pkg:rpm/almalinux/kernel-modules pkg:rpm/almalinux/kernel-modules-core pkg:rpm/almalinux/kernel-modules-extra pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-64k pkg:rpm/almalinux/kernel-rt-64k-core pkg:rpm/almalinux/kernel-rt-64k-debug pkg:rpm/almalinux/kernel-rt-64k-debug-core pkg:rpm/almalinux/kernel-rt-64k-debug-devel pkg:rpm/almalinux/kernel-rt-64k-debug-modules pkg:rpm/almalinux/kernel-rt-64k-debug-modules-core pkg:rpm/almalinux/kernel-rt-64k-debug-modules-extra pkg:rpm/almalinux/kernel-rt-64k-devel pkg:rpm/almalinux/kernel-rt-64k-modules pkg:rpm/almalinux/kernel-rt-64k-modules-core pkg:rpm/almalinux/kernel-rt-64k-modules-extra pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-kvm pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-core pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-kvm pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-core pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/almalinux/kernel-tools pkg:rpm/almalinux/kernel-tools-libs pkg:rpm/almalinux/kernel-tools-libs-devel pkg:rpm/almalinux/kernel-uki-virt pkg:rpm/almalinux/kernel-uki-virt-addons pkg:rpm/almalinux/kernel-zfcpdump pkg:rpm/almalinux/kernel-zfcpdump-core pkg:rpm/almalinux/kernel-zfcpdump-devel pkg:rpm/almalinux/kernel-zfcpdump-devel-matched pkg:rpm/almalinux/kernel-zfcpdump-modules pkg:rpm/almalinux/kernel-zfcpdump-modules-core pkg:rpm/almalinux/kernel-zfcpdump-modules-extra pkg:rpm/almalinux/libperf pkg:rpm/almalinux/perf pkg:rpm/almalinux/python3-perf pkg:rpm/almalinux/rtla pkg:rpm/almalinux/rv pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 5.14.0-570.32.1.el9_6+ 97 more
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 6.12.0-55.25.1.el10_0
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 6.12.0-55.25.1.el10_0
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 5.14.0-570.32.1.el9_6
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1.150700.17.2.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 1-150700.1.3.1
- (no CPE)range: < 1-150700.15.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.7.3.1
- (no CPE)range: < 6.4.0-150700.7.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.7.3.1
- (no CPE)range: < 6.4.0-150700.20.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
- (no CPE)range: < 6.4.0-150700.7.3.1
- (no CPE)range: < 6.4.0-150700.53.3.1
Linux/Linuxcpe-rescue
Range: 6.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000