CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Cvelist•added 2026/01/12 5:26 p.m.•18 views

CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...

6.4CVSS0.00139EPSS

Exploits0References3

Vulnrichment•added 2026/01/12 5:26 p.m.•2 views

CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

6.4CVSS6.7AI score0.00139EPSS

Exploits0References3

OSV•added 2026/01/12 5:26 p.m.•5 views

CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

6.4CVSS7AI score0.00139EPSS

Exploits0References5

OSV•added 2026/01/12 5:23 p.m.•4 views

CVE-2025-68656 Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability

Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, usbclassrequestgetdescriptor frees and reallocates hiddevice-ctrlxfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate...

6.8CVSS6.5AI score0.00183EPSS

Exploits0References5

Positive Technologies•added 2026/01/12 12:0 a.m.•5 views

PT-2026-2284

Name of the Vulnerable Software and Affected Versions Espressif ESP-IDF versions prior to 1.1.0 Description The USB Host HID Human Interface Device Driver in ESP-IDF allows access to HID devices. A flaw exists in the usb class request get descriptor function where it frees and reallocates hid...

6.8CVSS6.2AI score0.00183EPSS

Exploits0References9