CVE-2025-68657

Published: Jan 12, 2026Modified: Jan 22, 2026

6.4

Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

Affected (1)

Products: Espressif: Usb Host Hid Driver

1 product

Usb Host Hid Driver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Espressif Usb Host Hid Driver	Before 1.1.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog

Source: security-advisories@github.com

Release Notes

https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b

Source: security-advisories@github.com

Patch

https://github.com/espressif/esp-usb/security/advisories/GHSA-gp8r-qjfr-gqfv

Source: security-advisories@github.com

Vendor AdvisoryPatch

Timeline

No history available yet.