CVE-2025-21917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21917
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21917.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21917
- Downstream
- Related
- Published
- 2025-04-01T16:15:22Z
- Modified
- 2025-10-01T20:18:33Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: renesasusbhs: Flush the notifyhotplug_work
When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhscnotifyhotplug() function.
Flush the delayed work to avoid its execution when driver resources are unavailable.
- References
-
- https://git.kernel.org/stable/c/3248c1f833f924246cb98ce7da4569133c1b2292
- https://git.kernel.org/stable/c/394965f90454d6f00fe11879142b720c6c1a872e
- https://git.kernel.org/stable/c/4ca078084cdd5f32d533311d6a0b63a60dcadd41
- https://git.kernel.org/stable/c/4cd847a7b630a85493d0294ad9542c21aafaa246
- https://git.kernel.org/stable/c/552ca6b87e3778f3dd5b87842f95138162e16c82
- https://git.kernel.org/stable/c/830818c8e70c0364e377f0c243b28061ef7967eb
- https://git.kernel.org/stable/c/d50f5c0cd949593eb9a3d822b34d7b50046a06b7
- https://git.kernel.org/stable/c/e5aac1c9b2974636db7ce796ffa6de88fa08335e