CVE-2025-68657

Source
https://cve.org/CVERecord?id=CVE-2025-68657
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68657.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68657
Aliases
  • GHSA-gp8r-qjfr-gqfv
Published
2026-01-12T17:26:51.106Z
Modified
2026-03-14T12:46:11.077142Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path
Details

The Espressif ESP-IDF USB Host HID (Human Interface Device) driver allows access to HID devices. In versions prior to 1.1.0, calls to `hid_host_device_close()` can free the same `usb_transfer_t` twice. The USB event callback and user code share the `hid_iface_t` state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

Database specific
{
    "cwe_ids": [
        "CWE-415",
        "CWE-667"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68657.json"
}
References

Affected packages

Git / github.com/espressif/esp-usb

Affected ranges

Type
GIT
Repo
https://github.com/espressif/esp-usb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "30059902959719223728686831239177778118",
                "285963614798108561872727386352773485136",
                "119165241890344489025349077116587187560",
                "128335707530737808352647727778230312768",
                "288562245064709195906862671296597600957",
                "31104547965288659944436545158520147406",
                "129257558281413802327153871440721767402",
                "273978619899979763309979634115312329799",
                "162186581684099902836105147373691070179",
                "135130317461850781010484320646835778523",
                "39963129254550502243836062919492119074",
                "188287392117385428183930460128757281929",
                "8318115162049314784657282040395703793",
                "307936044872286242343127956445912867919",
                "47136762334499962145120644816657144646",
                "164916455402196958213817403875837545572"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-68657-2fdde4c8",
        "target": {
            "file": "host/class/hid/usb_host_hid/host_test/main/test_unit_public_api.cpp"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317431736727077178430566601311633126329",
                "11965325182315798619036373621130204337",
                "157601005076460723488845905934602495659",
                "320371255255788229921174287719050522943",
                "7726379510135357623363061099280589519",
                "224425578766365796869602225488429478982",
                "71209981616149660439969654120447749364",
                "189018428146529093073173096052504410622",
                "182828568745217690384919863635779194657",
                "116904142387097701051439642001437098560",
                "199075687145967229650639406008773537702",
                "93518635804011568074340329603749235613",
                "257836194585415637590416802476503168096",
                "43079569394314454712774747418082419626",
                "40695248375511197040810124120887237511",
                "101243674174455481569000648325401186565",
                "264360025287952073304257772068567617444",
                "271565586682750817808379138868857699856",
                "183472960021821154417388552224329760076",
                "207453348742026785315392039102838877627",
                "1954761426158636357242083693994306941",
                "277682040403965813907332844305754625450",
                "87571841761471223943022745908420226497",
                "109720956475786011586599802014132048408",
                "64231440618150049112296693368891937633",
                "309612244660767476622876698373844017538",
                "305201065232819847552087850889072344233",
                "61854139818344338042941203617325443654",
                "252066288418127671504466436023858162125",
                "316219117457211066859536217870925267275",
                "21643024785325789694792592596522394630",
                "248467635829807809928300965794906808077",
                "273768183447033317444913485690089633170",
                "290669156103857253716802532089484782254",
                "294258041975156339036726979723415706872",
                "112306762740118522577276898120331964283",
                "318206049362723772447292385987165753875",
                "160616459741483762933426568828554415940",
                "62605791478431467788875902106507286066",
                "70966669833368764005282404749371604337",
                "204566098665357669511088433195528020922",
                "92071287927179216009984253237803211304",
                "280436431198999267904837224512642949676",
                "60585026020977152616712682228878230551",
                "3743857459903805422115785711100275710",
                "298882557963801581730478615433325978401",
                "323056717340477728131970609024830238304",
                "216229301394163525873560928989133031766",
                "159121873434745474493943648553811225922",
                "178256419060420600415641735355343854451",
                "130821493770002546770045411523391215238",
                "203858286869053109631721799705447655677",
                "1537961256369539501316962052235520601",
                "285579303058010440766736954883814697981",
                "332360249562558261913349422253074978179",
                "21821528802043271888867467384976954905",
                "310755213516851029742677341999930068899",
                "138560798683585993834468467966616377001",
                "80378945058732063312026995787981672256",
                "334284153805035299268303568371711569307",
                "27190492413543455836147854331558847149",
                "107179362830008946166519866076057652240",
                "337184735114517523916410381281041502597",
                "300672662104448849710005012961848853456",
                "281445838997736818996496239329214876032",
                "191591196258748102335264098112449250232",
                "252048669472544976203388763294723850575",
                "56684497966667560706229497948025663990",
                "217505786555571955175343808946716709227",
                "277425924146376861306454606706592709443",
                "210193719619621085253108386346876338899",
                "249442032732751246059334791814512851700",
                "187131192114381937487959414921187766289",
                "34801397383222989363703100891488872170",
                "251647911224242227167429309176639184379"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-68657-5a4ef9e4",
        "target": {
            "file": "host/class/hid/usb_host_hid/hid_host.c"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    },
    {
        "digest": {
            "length": 642.0,
            "function_hash": "95950087911555324263429344208724433842"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68657-7746f372",
        "target": {
            "function": "hid_host_device_open",
            "file": "host/class/hid/usb_host_hid/hid_host.c"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    },
    {
        "digest": {
            "length": 1765.0,
            "function_hash": "174576381523626770998728880582572143226"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68657-915d305b",
        "target": {
            "function": "hid_host_install",
            "file": "host/class/hid/usb_host_hid/hid_host.c"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    },
    {
        "digest": {
            "length": 790.0,
            "function_hash": "262657278906583620714720641570902088343"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68657-bfb97f09",
        "target": {
            "function": "hid_host_uninstall",
            "file": "host/class/hid/usb_host_hid/hid_host.c"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    },
    {
        "digest": {
            "length": 1015.0,
            "function_hash": "9054868818134162563273747485357870261"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68657-da717301",
        "target": {
            "function": "hid_host_device_close",
            "file": "host/class/hid/usb_host_hid/hid_host.c"
        },
        "source": "https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"
    }
]
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.1.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68657.json"