CVE-2025-68657 in esp-usbinformazioni

Riassunto

di MITRE • 12/01/2026

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsabile

GitHub M

Prenotare

22/12/2025

Divulgazione

12/01/2026

Moderazione

accettato

CPE

pronto

EPSS

0.00139

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!