Merge pull request #392 from espressif/docs/vulnerabilities_2025

tore-espressif · web-flow · commit 79f66f727a6c · 2026-02-10T09:03:43.000+01:00
docs: Add security vulnerabilities section
diff --git a/docs/en/index.rst b/docs/en/index.rst
@@ -14,3 +14,4 @@ Welcome to the ESP-USB Programming Guide.
 
    usb_host
    usb_device
+   vulnerabilities
diff --git a/docs/en/vulnerabilities.rst b/docs/en/vulnerabilities.rst
@@ -0,0 +1,37 @@
+Vulnerabilities
+===============
+
+This page briefly lists all of the vulnerabilities that are discovered and fixed in each release of USB Components. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved.
+
+
+CVE-2025
+--------
+
+CVE-2025-68622
+~~~~~~~~~~~~~~
+
+Stack buffer overflow in UVC descriptor printing
+
+* Security Advisory: `GHSA-g65h-9ggq-9827 <https://github.com/espressif/esp-usb/security/advisories/GHSA-g65h-9ggq-9827>`__.
+* Impact: Applicable for usb_host_uvc component
+* Resolution: Please see advisory for details
+
+
+CVE-2025-68656
+~~~~~~~~~~~~~~
+
+USB Host HID Descriptor Use-After-Free Vulnerability
+
+* Security Advisory: `GHSA-2pm2-62mr-c9x7 <https://github.com/espressif/esp-usb/security/advisories/GHSA-2pm2-62mr-c9x7>`__.
+* Impact: Applicable for usb_host_hid component
+* Resolution: Please see advisory for details
+
+
+CVE-2025-68657
+~~~~~~~~~~~~~~
+
+Double-Free Race Condition in USB Host HID Device Close Path
+
+* Security Advisory: `GHSA-gp8r-qjfr-gqfv <https://github.com/espressif/esp-usb/security/advisories/GHSA-gp8r-qjfr-gqfv>`__.
+* Impact: Applicable for usb_host_hid component
+* Resolution: Please see advisory for details

Original file line number	Diff line number	Diff line change
`@@ -14,3 +14,4 @@ Welcome to the ESP-USB Programming Guide.`
`14`	`14`
`15`	`15`	`usb_host`
`16`	`16`	`usb_device`
	`17`	`+ vulnerabilities`