CVE-2025-21917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21917
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21917.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21917
- Downstream
- Related
- Published
- 2025-04-01T15:40:53.042Z
- Modified
- 2025-11-28T02:35:16.947423Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- usb: renesas_usbhs: Flush the notify_hotplug_work
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: renesasusbhs: Flush the notifyhotplug_work
When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhscnotifyhotplug() function.
Flush the delayed work to avoid its execution when driver resources are unavailable.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21917.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3248c1f833f924246cb98ce7da4569133c1b2292
- https://git.kernel.org/stable/c/394965f90454d6f00fe11879142b720c6c1a872e
- https://git.kernel.org/stable/c/4ca078084cdd5f32d533311d6a0b63a60dcadd41
- https://git.kernel.org/stable/c/4cd847a7b630a85493d0294ad9542c21aafaa246
- https://git.kernel.org/stable/c/552ca6b87e3778f3dd5b87842f95138162e16c82
- https://git.kernel.org/stable/c/830818c8e70c0364e377f0c243b28061ef7967eb
- https://git.kernel.org/stable/c/d50f5c0cd949593eb9a3d822b34d7b50046a06b7
- https://git.kernel.org/stable/c/e5aac1c9b2974636db7ce796ffa6de88fa08335e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21917.json
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-21917
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc57381e634782009b1cb2e86b18013699ada576Fixed4cd847a7b630a85493d0294ad9542c21aafaa246Fixed394965f90454d6f00fe11879142b720c6c1a872eFixed3248c1f833f924246cb98ce7da4569133c1b2292Fixed4ca078084cdd5f32d533311d6a0b63a60dcadd41Fixedd50f5c0cd949593eb9a3d822b34d7b50046a06b7Fixede5aac1c9b2974636db7ce796ffa6de88fa08335eFixed830818c8e70c0364e377f0c243b28061ef7967ebFixed552ca6b87e3778f3dd5b87842f95138162e16c82
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.0.0Fixed5.4.291
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.235
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.179
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.131
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.83
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.19
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.13.7