CVE-2025-40085
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-29

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-29
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40085
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's ALSA usb-audio driver. Specifically, in the function try_to_register_card(), the code calls usb_ifnum_to_if() and passes its return value directly to usb_interface_claimed() without checking if it is NULL. If an invalid USB audio device is created, this can cause a NULL pointer dereference, potentially leading to a kernel crash or instability. The fix involves adding a check to ensure the interface pointer is valid before using it.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel when handling certain USB audio devices, which may lead to a kernel crash or system instability. This could result in denial of service or unexpected behavior on affected systems using the ALSA usb-audio driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40085. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart