CVE-2025-68804

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

After unbinding the driver, another kthread cros_ec_console_log_work is still accessing the device, resulting an UAF and crash.

The driver doesn't unregister the EC device in .remove() which should shutdown sub-devices synchronously. Fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 27037916db38e6b78a0242031d3b93d997b84020affected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < e1da6e399df976dd04c7c73ec008bc81da368a95affected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 8dc1f5a85286290dbf04dd5951d020570f49779baffected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 393b8f9bedc7806acb9c47cefdbdb223b4b6164baffected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 4701493ba37654b3c38b526f6591cf0b02aa172faffected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 24a2062257bbdfc831de5ed21c27b04b5bdf2437affected
LinuxLinux26a14267aff218c60b89007fdb44ca392ba6122c < 944edca81e7aea15f83cf9a13a6ab67f711e8abdaffected
LinuxLinux5.3affected
LinuxLinux0 < 5.3unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.18.3 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References