CVE-2025-68804

Linux Kernel 5.3.0-6.18.2 - Use-After-Free in cros_ec_ishtp Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn't unregister the EC device in .remove() which should shutdown sub-devices synchronously. Fix it.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/27037916db38e6b78a0242031d3b93d997b84020

Patch

https://git.kernel.org/stable/c/e1da6e399df976dd04c7c73ec008bc81da368a95

Patch

https://git.kernel.org/stable/c/8dc1f5a85286290dbf04dd5951d020570f49779b

Patch

https://git.kernel.org/stable/c/393b8f9bedc7806acb9c47cefdbdb223b4b6164b

Patch

https://git.kernel.org/stable/c/4701493ba37654b3c38b526f6591cf0b02aa172f

Patch

https://git.kernel.org/stable/c/24a2062257bbdfc831de5ed21c27b04b5bdf2437

Patch

https://git.kernel.org/stable/c/944edca81e7aea15f83cf9a13a6ab67f711e8abd

Scores

EPSS 0.0007

EPSS Percentile 21.0%

Details

Status published

Products (22)

linux/Kernel 5.11.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.160linux

linux/Kernel 5.3.0 - 5.10.248linux

linux/Kernel 6.13.0 - 6.18.3linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.64linux

Linux/Linux < 5.3

Linux/Linux 26a14267aff218c60b89007fdb44ca392ba6122c - 24a2062257bbdfc831de5ed21c27b04b5bdf2437

Linux/Linux 26a14267aff218c60b89007fdb44ca392ba6122c - 27037916db38e6b78a0242031d3b93d997b84020

Linux/Linux 26a14267aff218c60b89007fdb44ca392ba6122c - 393b8f9bedc7806acb9c47cefdbdb223b4b6164b

... and 12 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026