CVE-2025-21928

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()<br /> <br /> The system can experience a random crash a few minutes after the driver is<br /> removed. This issue occurs due to improper handling of memory freeing in<br /> the ishtp_hid_remove() function.<br /> <br /> The function currently frees the `driver_data` directly within the loop<br /> that destroys the HID devices, which can lead to accessing freed memory.<br /> Specifically, `hid_destroy_device()` uses `driver_data` when it calls<br /> `hid_ishtp_set_feature()` to power off the sensor, so freeing<br /> `driver_data` beforehand can result in accessing invalid memory.<br /> <br /> This patch resolves the issue by storing the `driver_data` in a temporary<br /> variable before calling `hid_destroy_device()`, and then freeing the<br /> `driver_data` after the device is destroyed.