Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but continues to use the stale local pointer to the freed transfer, leading to an immediate use-after-free when processing attacker-controlled Report Descriptor lengths. This vulnerability is fixed in 1.1.0.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-416"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68656.json"
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68656.json"
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"30573588756043735646226924571064505577",
"23911667416852953725167665379109266753",
"33166015126901929289317497830519526768",
"104260068353780769148812606905544769287",
"7812249450478543112833420089341392170",
"87786414630597171720591260029246164445",
"56774712647867641726989552907116976921",
"259900246121263847868352100350503105051"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2025-68656-1458d7f6",
"source": "https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660",
"target": {
"file": "host/class/hid/usb_host_hid/test_app/main/test_hid_basic.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 858.0,
"function_hash": "9342089019325999056679554263420905961"
},
"signature_type": "Function",
"id": "CVE-2025-68656-612358cc",
"source": "https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660",
"target": {
"function": "hid_host_install_device",
"file": "host/class/hid/usb_host_hid/hid_host.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1487.0,
"function_hash": "108607147983006969163785848662868780293"
},
"signature_type": "Function",
"id": "CVE-2025-68656-71430e58",
"source": "https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660",
"target": {
"function": "usb_class_request_get_descriptor",
"file": "host/class/hid/usb_host_hid/hid_host.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"28425058976442883315737745156273014428",
"161522489015459116336640338878484415553",
"251827597518431817758565970001274792046",
"320640235656502241084909974052448744943",
"156825895259398369196331483210007288931",
"212083530847573584389791588372978610980",
"250681035091624444688397517552560928994",
"321348487290859793544921390086787353758",
"118495057352433583449636518590724759979",
"285567286893184623516964851943801043604",
"141779320287872826577826447010504602735",
"102005580422893304879937562354224173590",
"20278796678253212653630947733354121818",
"149236248529896685834625529077043315813",
"88162399843979378308659898305405453594",
"192259400523435597261546612104167587624",
"91117872813100645860192280327061381277",
"106620973041469152816559002625696783708",
"16349469642712436941292686513512784675",
"200876151116197210280128004739889858777",
"212256096070837805518628230549286893812",
"111958907429725610982438696333292386272",
"32408084092445821195742608458631870437",
"80082423418012376483990991491280458254",
"233648505953951797188511084875411529115",
"225359350596965484968339054689649202709",
"54485289847391165439903047055548932321",
"119659045062870254072934941046727265130",
"171452440065868064727010315727099274407",
"144579667792973117322792525635186940434",
"239075532477601871254146648245515128718",
"44448667522050194197936632721420516274",
"87910990248643795459505896691511783272",
"239256771868193941581438817935769586903",
"130718469705183504804758929707821288664",
"54479226793597121194696118718431540024",
"150203824154907256606604897146914945230",
"275736503956006538418599807761605580901",
"272807343216455469867383182785929622799",
"6910206916613769815008259151989503436",
"49978950435798412755146335978971265562",
"214606511111825038341187911693881556603",
"128413812614670138920699797134130425818"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2025-68656-e7ec228d",
"source": "https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660",
"target": {
"file": "host/class/hid/usb_host_hid/hid_host.c"
}
}
]