USB Audio Device Vulnerability in Linux Kernel
CVE-2025-40085

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
29 October 2025

What is CVE-2025-40085?

A vulnerability in the Linux kernel related to ALSA's handling of USB audio devices can cause a NULL pointer dereference during the attempt to register an invalid USB audio device. The issue arises in the try_to_register_card function, where the return value of usb_ifnum_to_if() is incorrectly used without prior validation. This oversight could lead to system crashes or unexpected behavior, highlighting the need for strict validation checks before interfacing with USB components.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 28787ff9fbeaf57684eb64cc33e2ec8ceedf21b5 < 736159f7b296d7a95f7208eb4799639b1f8b16a0

Linux 39efc9c8a973ddff5918191525d1679d0fb368ea < 8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb

Linux 39efc9c8a973ddff5918191525d1679d0fb368ea < 576312eb436326b44b7010f4d9ae2b698df075ea

References

https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4...
https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c528...
https://git.kernel.org/stable/c/576312eb436326b44b7010f4d...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.