CVE-2025-21917

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21917
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21917.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21917
Downstream
Related
Published
2025-04-01T16:15:22Z
Modified
2025-10-01T20:18:33Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: renesasusbhs: Flush the notifyhotplug_work

When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhscnotifyhotplug() function.

Flush the delayed work to avoid its execution when driver resources are unavailable.

References

Affected packages