CVE-2025-40314
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in the Linux kernel's USB cdns3 gadget driver. Specifically, during the initialization and exit of the cdnsp gadget, the gadget structure is freed before its associated endpoints. Since the endpoints are linked through the gadget structure, freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are later freed, this results in accessing memory that has already been freed, causing a use-after-free condition.
How can this vulnerability impact me?
The use-after-free vulnerability can lead to undefined behavior such as system crashes, memory corruption, or potential escalation of privileges if exploited. This can compromise system stability and security, potentially allowing attackers to execute arbitrary code or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where the gadget structure is freed only after freeing its endpoints. This involves applying the patch that separates the usb_del_gadget_udc() operation into distinct 'del' and 'put' steps, ensuring cdnsp_gadget_free_endpoints() is executed prior to the final release of the gadget structure.
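The teardown ordering described in the answers above, as a userspace C model added here for illustration (it is not kernel code and not part of the original page). All struct and function names are hypothetical, and the model sets a `released` flag where the kernel would free the gadget, so it counts stale accesses without performing them.

```c
#include <stdlib.h>

/* Userspace model of the teardown order. All names are hypothetical
 * stand-ins for illustration, not the kernel's cdnsp code. */
struct node { struct node *prev, *next; };
struct gadget {
    int refs;            /* last reference is dropped by the "put" step */
    int released;        /* set where a real release would free the memory */
    struct node ep_list; /* list head embedded in the gadget itself */
};
struct ep { struct node link; }; /* link is first, so node* == ep* */

static void gadget_put(struct gadget *g) { if (--g->refs == 0) g->released = 1; }

/* Unlink and free each endpoint; count the unlinks done after the gadget
 * that holds the list head was released (stale accesses in real code). */
static int free_endpoints(struct gadget *g)
{
    int stale = 0;
    while (g->ep_list.next != &g->ep_list) {
        struct node *n = g->ep_list.next;
        if (g->released) stale++;
        n->prev->next = n->next;
        n->next->prev = n->prev;
        free(n);
    }
    return stale;
}

/* put_last = 0: put before freeing endpoints (the order described as
 * vulnerable). put_last = 1: free endpoints first, then put (the fix). */
int teardown(int put_last, int n_eps)
{
    struct gadget *g = calloc(1, sizeof(*g));
    int stale;
    if (!g) abort();
    g->refs = 1;
    g->ep_list.prev = g->ep_list.next = &g->ep_list;
    while (n_eps-- > 0) {
        struct ep *e = calloc(1, sizeof(*e));
        if (!e) abort();
        e->link.prev = &g->ep_list;
        e->link.next = g->ep_list.next;
        g->ep_list.next->prev = &e->link;
        g->ep_list.next = &e->link;
    }
    if (!put_last) gadget_put(g);
    stale = free_endpoints(g);
    if (put_last) gadget_put(g);
    free(g);
    return stale;
}
```

Every endpoint unlink in the put-first order goes through the released list head, while the put-last order produces none.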