vulnerability

Rocky Linux: CVE-2025-21929: kernel (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 4, 2025
Added
Feb 5, 2026
Modified
Feb 11, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()

During the `rmmod` operation for the `intel_ishtp_hid` driver, a
use-after-free issue can occur in the hid_ishtp_cl_remove() function.
The function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(),
which can lead to accessing freed memory or resources during the
removal process.

Call Trace:
? ishtp_cl_send+0x168/0x220 [intel_ishtp]
? hid_output_report+0xe3/0x150 [hid]
hid_ishtp_set_feature+0xb5/0x120 [intel_ishtp_hid]
ishtp_hid_request+0x7b/0xb0 [intel_ishtp_hid]
hid_hw_request+0x1f/0x40 [hid]
sensor_hub_set_feature+0x11f/0x190 [hid_sensor_hub]
_hid_sensor_power_state+0x147/0x1e0 [hid_sensor_trigger]
hid_sensor_runtime_resume+0x22/0x30 [hid_sensor_trigger]
sensor_hub_remove+0xa8/0xe0 [hid_sensor_hub]
hid_device_remove+0x49/0xb0 [hid]
hid_destroy_device+0x6f/0x90 [hid]
ishtp_hid_remove+0x42/0x70 [intel_ishtp_hid]
hid_ishtp_cl_remove+0x6b/0xb0 [intel_ishtp_hid]
ishtp_cl_device_remove+0x4a/0x60 [intel_ishtp]
...

Additionally, ishtp_hid_remove() is a HID level power off, which should
occur before the ISHTP level disconnect.

This patch resolves the issue by reordering the calls in
hid_ishtp_cl_remove(). The function ishtp_hid_remove() is now
called before hid_ishtp_cl_deinit().

Solutions

rocky-upgrade-kernelrocky-upgrade-kernel-corerocky-upgrade-kernel-cross-headersrocky-upgrade-kernel-debugrocky-upgrade-kernel-debug-corerocky-upgrade-kernel-debug-debuginforocky-upgrade-kernel-debug-develrocky-upgrade-kernel-debug-devel-matchedrocky-upgrade-kernel-debug-modulesrocky-upgrade-kernel-debug-modules-corerocky-upgrade-kernel-debug-modules-extrarocky-upgrade-kernel-debug-uki-virtrocky-upgrade-kernel-debuginforocky-upgrade-kernel-debuginfo-common-s390xrocky-upgrade-kernel-debuginfo-common-x86_64rocky-upgrade-kernel-develrocky-upgrade-kernel-devel-matchedrocky-upgrade-kernel-headersrocky-upgrade-kernel-modulesrocky-upgrade-kernel-modules-corerocky-upgrade-kernel-modules-extrarocky-upgrade-kernel-rtrocky-upgrade-kernel-rt-corerocky-upgrade-kernel-rt-debugrocky-upgrade-kernel-rt-debug-corerocky-upgrade-kernel-rt-debug-debuginforocky-upgrade-kernel-rt-debug-develrocky-upgrade-kernel-rt-debug-kvmrocky-upgrade-kernel-rt-debug-modulesrocky-upgrade-kernel-rt-debug-modules-corerocky-upgrade-kernel-rt-debug-modules-extrarocky-upgrade-kernel-rt-debuginforocky-upgrade-kernel-rt-develrocky-upgrade-kernel-rt-kvmrocky-upgrade-kernel-rt-modulesrocky-upgrade-kernel-rt-modules-corerocky-upgrade-kernel-rt-modules-extrarocky-upgrade-kernel-toolsrocky-upgrade-kernel-tools-debuginforocky-upgrade-kernel-tools-libsrocky-upgrade-kernel-tools-libs-develrocky-upgrade-kernel-uki-virtrocky-upgrade-kernel-uki-virt-addonsrocky-upgrade-kernel-zfcpdumprocky-upgrade-kernel-zfcpdump-corerocky-upgrade-kernel-zfcpdump-debuginforocky-upgrade-kernel-zfcpdump-develrocky-upgrade-kernel-zfcpdump-devel-matchedrocky-upgrade-kernel-zfcpdump-modulesrocky-upgrade-kernel-zfcpdump-modules-corerocky-upgrade-kernel-zfcpdump-modules-extrarocky-upgrade-libperfrocky-upgrade-libperf-debuginforocky-upgrade-perfrocky-upgrade-perf-debuginforocky-upgrade-python3-perfrocky-upgrade-python3-perf-debuginforocky-upgrade-rtlarocky-upgrade-rv

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today