CVE-2025-21923
Last modified
CVE-2025-21923 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the client_hdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input device. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the client_hdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input device. Though the cleanup cancels the deferred work, this was done before the client_hdev itself is cleaned up, so it gets rescheduled. This patch fixes the ordering to make sure the deferred work is properly canceled.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.6.79, < 6.6.83 |
| Linux | Linux Kernel | >= 6.12.16, < 6.12.19 |
| Linux | Linux Kernel | >= 6.13.4, < 6.13.7 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-21923?
How severe is CVE-2025-21923?
How do I fix CVE-2025-21923?
Are you affected by CVE-2025-21923?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST