Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-68804

CVE-2025-68804

UNKNOWN

platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

Published Jan 13, 2026

Modified 3 weeks ago

Details

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

After unbinding the driver, another kthread cros_ec_console_log_work is still accessing the device, resulting an UAF and crash.

The driver doesn't unregister the EC device in .remove() which should shutdown sub-devices synchronously. Fix it.

References

https://git.kernel.org/stable/c/24a2062257bbdfc831de5ed21c27b04b5bdf2437

https://git.kernel.org/stable/c/27037916db38e6b78a0242031d3b93d997b84020

https://git.kernel.org/stable/c/393b8f9bedc7806acb9c47cefdbdb223b4b6164b

https://git.kernel.org/stable/c/4701493ba37654b3c38b526f6591cf0b02aa172f

https://git.kernel.org/stable/c/8dc1f5a85286290dbf04dd5951d020570f49779b

https://git.kernel.org/stable/c/944edca81e7aea15f83cf9a13a6ab67f711e8abd

https://git.kernel.org/stable/c/e1da6e399df976dd04c7c73ec008bc81da368a95

https://www.cve.org/CVERecord?id=CVE-2025-68804

Ecosystems

Timeline

PublishedJan 13, 2026

ModifiedFeb 9, 2026

CVE-2025-68804 | Mondoo Vulnerability Intelligence