CVE-2025-40095

Published: Oct 30, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism.

Vendor	Product	Versions
Linux	Linux	affected `45fe3b8e5342cd1ce307099459c74011d8e01986 - < ef81226bb1f8b6e761cd0b53d2696e9c1bc955d1` affected `45fe3b8e5342cd1ce307099459c74011d8e01986 - < 5f65c8ad8c7292ed7e3716343fcd590a51818cc3` affected `45fe3b8e5342cd1ce307099459c74011d8e01986 - < 380353c3a92be7d928e6f973bd065c5b79755ac3` affected `45fe3b8e5342cd1ce307099459c74011d8e01986 - < a8366263b7e5b663d7fb489d3a9ba1e2600049a6` affected `45fe3b8e5342cd1ce307099459c74011d8e01986 - < 08228941436047bdcd35a612c1aec0912a29d8cd`
Linux	Linux	affected `2.6.27` unaffected `0 - < 2.6.27` unaffected `6.1.158 - <= 6.1.` unaffected `6.6.114 - <= 6.6.` unaffected `6.12.55 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/ef81226bb1f8b6e761cd0b53d2696e9c1bc955d1

https://git.kernel.org/stable/c/5f65c8ad8c7292ed7e3716343fcd590a51818cc3

https://git.kernel.org/stable/c/380353c3a92be7d928e6f973bd065c5b79755ac3

https://git.kernel.org/stable/c/a8366263b7e5b663d7fb489d3a9ba1e2600049a6

https://git.kernel.org/stable/c/08228941436047bdcd35a612c1aec0912a29d8cd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40095

Description

Affected Products

References