Vulnerabilities > CVE-2025-21797 - Use After Free vulnerability in Linux Kernel

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linux

CWE-416

NVD

Published: 2025-02-27

Updated: 2025-03-13

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a use-after-free in corsair_void_remove().

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.14 Linux Linux Kernel 6.13 Linux Linux Kernel 6.13.1 Linux Linux Kernel 6.13.2 Linux Linux Kernel 6.13.3	13

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://git.kernel.org/stable/c/2dcb56a0a4da6946f6c18288da595c13e0d2af86
https://git.kernel.org/stable/c/48e487b002891eb0aeaec704c9bed51f028deff1