In the Linux kernel, the following vulnerability has been resolved:
HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function.
The function currently frees the driver_data directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, hid_destroy_device() uses driver_data when it calls hid_ishtp_set_feature() to power off the sensor, so freeing driver_data beforehand can result in accessing invalid memory.
This patch resolves the issue by storing the driver_data in a temporary variable before calling hid_destroy_device(), and then freeing the driver_data after the device is destroyed.
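
The ordering problem described above, modelled in userspace C as an added example (this is not the kernel patch or the driver's code). The struct and function names are hypothetical stand-ins, and a static pool with a `live` flag replaces the heap so the stale access is counted rather than performed.

```c
/* Userspace model of the free-before-destroy ordering bug.
 * All names are hypothetical stand-ins, not the kernel's code. */
#include <stddef.h>

#define NDEV 3

struct drv_data { int live; int powered; };   /* stands in for driver_data */
struct hid_dev  { struct drv_data *driver_data; };

static struct drv_data pool[NDEV];   /* "freed" slots stay readable here */
static int stale_accesses;

static void model_free(struct drv_data *d) { d->live = 0; }

/* Stands in for hid_destroy_device(): powers the sensor off via driver_data. */
static void model_destroy(struct hid_dev *h)
{
    if (!h->driver_data->live)
        stale_accesses++;            /* in the kernel: access to freed memory */
    else
        h->driver_data->powered = 0;
    h->driver_data = NULL;           /* assumption: device unusable afterwards */
}

/* Runs the remove loop in either order and returns the number of times the
 * destroy step touched driver_data that had already been freed. */
int model_remove(int free_before_destroy)
{
    struct hid_dev devs[NDEV];

    stale_accesses = 0;
    for (int i = 0; i < NDEV; i++) {
        pool[i].live = pool[i].powered = 1;
        devs[i].driver_data = &pool[i];
    }
    for (int i = 0; i < NDEV; i++) {
        struct drv_data *saved = devs[i].driver_data;  /* temporary variable */
        if (free_before_destroy)
            model_free(saved);       /* order described as buggy */
        model_destroy(&devs[i]);
        if (!free_before_destroy)
            model_free(saved);       /* order described by the fix */
    }
    return stale_accesses;
}
```
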
Software | From | Fixed in |
---|---|---|
linux / linux_kernel | 6.14-rc1 | 6.14-rc1.x |
linux / linux_kernel | 6.14-rc2 | 6.14-rc2.x |
linux / linux_kernel | 6.14-rc3 | 6.14-rc3.x |
linux / linux_kernel | 5.11 | 5.15.179 |
linux / linux_kernel | 5.5 | 5.10.235 |
linux / linux_kernel | 5.16 | 6.1.131 |
linux / linux_kernel | 4.9 | 5.4.291 |
linux / linux_kernel | 6.2 | 6.6.83 |
linux / linux_kernel | 6.7 | 6.12.19 |
linux / linux_kernel | 6.13 | 6.13.7 |
linux / linux_kernel | 6.14-rc4 | 6.14-rc4.x |
linux / linux_kernel | 6.14-rc5 | 6.14-rc5.x |