Skip to main content

Usb Host Hid Driver CVE-2025-68657

MEDIUM
Double Free (CWE-415)
2026-01-12 security-advisories@github.com
6.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.4 MEDIUM
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Jan 22, 2026 - 15:47 nvd
Patch available
CVE Published
Jan 12, 2026 - 18:15 nvd
MEDIUM 6.4

DescriptionGitHub Advisory

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

AnalysisAI

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. [CVSS 6.4 MEDIUM]

Technical ContextAI

Affects Usb Host Hid Driver. Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 1.1.0..

Share

CVE-2025-68657 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy