CVE-2025-68656

Medium CVSS: 6.8

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate use-after-free when processing attacker-controlled Report Descriptor lengths. This vulnerability is fixed in 1.1.0.

Vendor

Espressif

Product

Usb Host Hid Driver

CWE

CWE-416

Yayın Tarihi

2026-01-12 18:15:48

Güncelleme

2026-01-22 15:47:56

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-416 Usb Host Hid Driver MEDIUM Espressif 2026

Referanslar

https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660 https://github.com/espressif/esp-usb/security/advisories/GHSA-2pm2-62mr-c9x7

Benzer Kayıtlar

Medium

CVE-2026-25507

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2026-25508

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1…

Medium

CVE-2025-68657

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hi…

Medium

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in…

High

CVE-2025-68473

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6,…