CVE-2025-68657 MEDIUM

CVE-2025-68657: espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Vendor Espressif
Product esp-usb
Weakness CWE-415
Published January 12, 2026
Last update January 12, 2026

CVSS base score

6.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

Key dates

02Disclosure timeline

January 12, 2026 CVE published
January 12, 2026 Record updated