Vulnerability Description
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate use-after-free when processing attacker-controlled Report Descriptor lengths. This vulnerability is fixed in 1.1.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Espressif | Usb Host Hid Driver | < 1.1.0 |
Related Weaknesses (CWE)
References
- https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.Release Notes
- https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8Patch
- https://github.com/espressif/esp-usb/security/advisories/GHSA-2pm2-62mr-c9x7PatchVendor Advisory
FAQ
What is CVE-2025-68656?
CVE-2025-68656 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an over...
How severe is CVE-2025-68656?
CVE-2025-68656 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-68656?
Check the references section above for vendor advisories and patch information. Affected products include: Espressif Usb Host Hid Driver.