CVE-2025-21928: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-21928) was discovered in the Linux kernel's Intel ISH HID driver, specifically in the ishtphidremove() function. The vulnerability was disclosed on April 1, 2025, affecting Linux kernel versions from 5.5 through 5.10.235, 5.11 through 5.15.179, and version 6.14 release candidates (rc1-rc3) (NVD).

The vulnerability occurs due to improper handling of memory freeing in the ishtphidremove() function. The function frees the driver_data directly within the loop that destroys HID devices, which can lead to accessing freed memory. When hiddestroydevice() calls hidishtpsetfeature() to power off the sensor, it attempts to use the already freed `driverdata`. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can cause system crashes a few minutes after the driver is removed due to accessing invalid memory. The high CVSS score indicates potential impacts on confidentiality, integrity, and availability of the system when successfully exploited (NVD).

The vulnerability has been patched by storing the driver_data in a temporary variable before calling hid_destroy_device(), and then freeing the driver_data after the device is destroyed. The fix has been included in various kernel versions, and users are advised to update their systems. Debian has released security update DSA 5900-1 to address this vulnerability (Debian Security).