CVE-2025-40314
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget structure (pdev->gadget) was freed before its endpoints. The endpoints are linked via the ep_list in the gadget structure. Freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are subsequently freed, this results in a use-after-free. Fix: By separating the usb_del_gadget_udc() operation into distinct "del" and "put" steps, cdnsp_gadget_free_endpoints() can be executed prior to the final release of the gadget structure with usb_put_gadget(). A patch similar to bb9c74a5bd14("usb: dwc3: gadget: Free gadget structure only after freeing endpoints").
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40314
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's usb cdns3 gadget driver. Specifically, during the initialization and exit of the cdnsp gadget, the gadget structure is freed before its associated endpoints. Since the endpoints are linked through the gadget structure, freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are later freed, this results in accessing memory that has already been freed, causing a use-after-free condition.

Impact Analysis

The use-after-free vulnerability can lead to undefined behavior such as system crashes, memory corruption, or potential escalation of privileges if exploited. This can compromise system stability and security, potentially allowing attackers to execute arbitrary code or cause denial of service.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where the gadget structure is freed only after freeing its endpoints. This involves applying the patch that separates the usb_del_gadget_udc() operation into distinct 'del' and 'put' steps, ensuring cdnsp_gadget_free_endpoints() is executed prior to the final release of the gadget structure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40314. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart