CVE-2025-21917

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas_usbhs: Flush the notify_hotplug_work

When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function.

Flush the delayed work to avoid its execution when driver resources are unavailable.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 4cd847a7b630a85493d0294ad9542c21aafaa246affected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 394965f90454d6f00fe11879142b720c6c1a872eaffected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 3248c1f833f924246cb98ce7da4569133c1b2292affected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 4ca078084cdd5f32d533311d6a0b63a60dcadd41affected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < d50f5c0cd949593eb9a3d822b34d7b50046a06b7affected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < e5aac1c9b2974636db7ce796ffa6de88fa08335eaffected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 830818c8e70c0364e377f0c243b28061ef7967ebaffected
LinuxLinuxbc57381e634782009b1cb2e86b18013699ada576 < 552ca6b87e3778f3dd5b87842f95138162e16c82affected
LinuxLinux3.0affected
LinuxLinux0 < 3.0unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.131 <= 6.1.*unaffected
LinuxLinux6.6.83 <= 6.6.*unaffected
LinuxLinux6.12.19 <= 6.12.*unaffected
LinuxLinux6.13.7 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References