{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21923","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.788Z","datePublished":"2025-04-01T15:40:56.229Z","dateUpdated":"2026-05-11T21:09:08.988Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:09:08.988Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-steam.c"],"versions":[{"version":"e1147961b2145fa61c3078a4a797d9576cde91ab","lessThan":"026714ec7546de741826324a6a1914c91024d06c","status":"affected","versionType":"git"},{"version":"3e38cbbfa0a128a9d64773240a9eb3bc7bae3b1a","lessThan":"a899adf7063c6745aaff1ec869f3c7f6329ed0a1","status":"affected","versionType":"git"},{"version":"053fa3888d2a957f4db26c05e503f4c6b9570a30","lessThan":"ea3f18d2f02629653b7bfe42607737ccd1343e54","status":"affected","versionType":"git"},{"version":"79504249d7e27cad4a3eeb9afc6386e418728ce0","lessThan":"e53fc232a65f7488ab75d03a5b95f06aaada7262","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/hid/hid-steam.c"],"versions":[{"version":"6.6.79","lessThan":"6.6.83","status":"affected","versionType":"semver"},{"version":"6.12.16","lessThan":"6.12.19","status":"affected","versionType":"semver"},{"version":"6.13.4","lessThan":"6.13.7","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.79","versionEndExcluding":"6.6.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.16","versionEndExcluding":"6.12.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.4","versionEndExcluding":"6.13.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/026714ec7546de741826324a6a1914c91024d06c"},{"url":"https://git.kernel.org/stable/c/a899adf7063c6745aaff1ec869f3c7f6329ed0a1"},{"url":"https://git.kernel.org/stable/c/ea3f18d2f02629653b7bfe42607737ccd1343e54"},{"url":"https://git.kernel.org/stable/c/e53fc232a65f7488ab75d03a5b95f06aaada7262"}],"title":"HID: hid-steam: Fix use-after-free when detaching device","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2025-21923","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-04-16T13:15:09.842820Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-16T13:19:53.000Z"}}]}}