NULL Pointer Dereference Vulnerability in the Linux Kernel USB Gadget Subsystem
CVE-2025-37881
Currently unrated
Summary
A NULL pointer dereference vulnerability has been identified in the USB gadget subsystem of the Linux kernel. In the ast_vhub_init_dev() function, the pointer returned by devm_kasprintf() is used without being checked, and devm_kasprintf() returns NULL when its allocation fails. Dereferencing that pointer could lead to unexpected behavior or system instability. To mitigate this risk, a pointer validity check has been introduced. The fix enhances device management security and prevents potential exploitation, following similar resolutions made for related vulnerabilities.
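The pattern described in the summary, as an added example that is not the kernel's code: a userspace C model in which model_kasprintf() stands in for devm_kasprintf() and can be forced to fail, and model_init_dev() applies the kind of pointer check the fix introduces. The names model_kasprintf, model_dev, model_init_dev and fail_next_alloc, and the "port%u" format, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed fault-injection switch: when set, the next allocation fails. */
static int fail_next_alloc;

/* Userspace stand-in for devm_kasprintf(): returns NULL on allocation failure. */
static char *model_kasprintf(const char *fmt, ...)
{
    va_list ap;
    char *out;
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    out = malloc(64);
    if (!out)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(out, 64, fmt, ap);
    va_end(ap);
    return out;
}

struct model_dev { char *name; };   /* hypothetical, not the kernel's structure */

/* Hardened init: validate the pointer before later code can dereference it. */
static int model_init_dev(struct model_dev *d, unsigned int idx)
{
    d->name = model_kasprintf("port%u", idx + 1);   /* constructed format */
    if (!d->name)
        return -ENOMEM;     /* fail the init instead of carrying NULL forward */
    return 0;
}

int main(void)
{
    struct model_dev d;
    int ret;
    fail_next_alloc = 1;    /* simulate memory pressure on the first call */
    printf("alloc failure: ret=%d\n", model_init_dev(&d, 0));
    ret = model_init_dev(&d, 0);
    printf("normal path: ret=%d name=%s\n", ret, d.name);
    free(d.name);
    return 0;
}
```

Without the `if (!d->name)` check, the init would report success on the failure path and the first later use of the name would dereference NULL.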
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
References
Timeline
Vulnerability published
Vulnerability Reserved