Wind River Support Network

HomeDefectsLIN1025-7434
Acknowledged

LIN1025-7434 : Security Advisory - linux - CVE-2025-68804

Created: Jan 13, 2026    Updated: Jan 16, 2026
Found In Version: 10.25.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

After unbinding the driver, another kthread `cros_ec_console_log_work`
is still accessing the device, resulting an UAF and crash.

The driver doesn't unregister the EC device in .remove() which should
shutdown sub-devices synchronously.  Fix it.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube