CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-21797: HID: corsair-void: Add missing delayed work cancel for headset status
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: corsair-void: Add missing delayed work cancel for headset status
The cancel_delayed_work_sync() call was missed, causing a use-after-free
in corsair_void_remove().
Classification
CVE ID: CVE-2025-21797
Affected Products
Vendor: Linux, Linux
Product: Linux, Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 1.46% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-21797https://git.kernel.org/stable/c/2dcb56a0a4da6946f6c18288da595c13e0d2af86
https://git.kernel.org/stable/c/48e487b002891eb0aeaec704c9bed51f028deff1