CNNVD-202601-1826 Information
CNNVD ID
CNNVD-202601-1826
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
Espressif ESP-IDF是中国乐鑫(Espressif)公司的一款物联网开发框架。 Espressif ESP-IDF 1.1.0之前版本存在安全漏洞,该漏洞源于USB事件回调和用户代码共享状态而无锁定,可能导致双重释放。
Description (English)
Espressif ESP-IDF is a framework for networking development of a piece of the Chinese company Espressif. The previous version of Espressif ESP-IDF 1.1.0 had a security loophole, which originated from USB incident recall and user code sharing without locking in, and could lead to double release.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
乐鑫
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/espressif/esp-usb/security/advisories/GHSA-gp8r-qjfr-gqfv https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog https://access.redhat.com/security/cve/cve-2025-68657
Patch
https://github.com/espressif/esp-usb
Share on: