CVE-2025-40275
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd In snd_usb_create_streams(), for UAC version 3 devices, the Interface Association Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this call fails, a fallback routine attempts to obtain the IAD from the next interface and sets a BADD profile. However, snd_usb_mixer_controls_badd() assumes that the IAD retrieved from usb_ifnum_to_if() is always valid, without performing a NULL check. This can lead to a NULL pointer dereference when usb_ifnum_to_if() fails to find the interface descriptor. This patch adds a NULL pointer check after calling usb_ifnum_to_if() in snd_usb_mixer_controls_badd() to prevent the dereference. This issue was discovered by syzkaller, which triggered the bug by sending a crafted USB device descriptor.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-06
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40275
EUVD
EUVD-2025-201580
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's ALSA usb-audio driver. Specifically, in the snd_usb_mixer_controls_badd() function, the code assumes that the Interface Association Descriptor (IAD) retrieved by usb_ifnum_to_if() is always valid and does not check for NULL. If usb_ifnum_to_if() fails to find the interface descriptor, this leads to a NULL pointer dereference, which can cause the kernel to crash or behave unexpectedly. The issue occurs when handling UAC version 3 USB audio devices and was triggered by a crafted USB device descriptor.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel, potentially leading to a kernel crash or system instability when a crafted USB audio device is connected. This can result in denial of service or unexpected behavior on affected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40275. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart