AZL-59940

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59940.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59940

Upstream

CVE-2025-21923

Published

2025-04-01T16:15:23Z

Modified

2026-04-01T05:19:34.674510Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-21923 affecting package kernel for versions less than 6.6.85.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: hid-steam: Fix use-after-free when detaching device

When a hid-steam device is removed it must clean up the clienthdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input device. Though the cleanup cancels the deferred work, this was done before the clienthdev itself is cleaned up, so it gets rescheduled. This patch fixes the ordering to make sure the deferred work is properly canceled.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21923

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.85.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59940.json"