CVE-2025-40093 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-30 | Updated 2025-10-30 | Assigner Linux

Product status

Default status

unaffected

da741b8c56d612b5dd26ffa31341911a5fea23ee (git) before d3745aaef19198d0c81637a7dd50ef53c4f879b7

affected

da741b8c56d612b5dd26ffa31341911a5fea23ee (git) before 070f341d86cf2c098d63e484a86c7c1d2696a868

affected

da741b8c56d612b5dd26ffa31341911a5fea23ee (git) before 15b9faf53ba8719700596e7ef78879ce200e8c2e

affected

da741b8c56d612b5dd26ffa31341911a5fea23ee (git) before 4630c68bade82f087eaaab22e9a361da2f18d139

affected

da741b8c56d612b5dd26ffa31341911a5fea23ee (git) before 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5

affected

Default status

affected

2.6.27

affected

Any version before 2.6.27

unaffected

6.1.158 (semver)

unaffected

6.6.114 (semver)

unaffected

6.12.55 (semver)

unaffected

6.17.5 (semver)

unaffected

6.18-rc1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/d3745aaef19198d0c81637a7dd50ef53c4f879b7

git.kernel.org/...c/070f341d86cf2c098d63e484a86c7c1d2696a868

git.kernel.org/...c/15b9faf53ba8719700596e7ef78879ce200e8c2e

git.kernel.org/...c/4630c68bade82f087eaaab22e9a361da2f18d139

git.kernel.org/...c/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5

cve.org (CVE-2025-40093)

nvd.nist.gov (CVE-2025-40093)

Download JSON

help @ threatint.eu