Linux Kernel Vulnerability in USB Gadget Functionality
CVE-2025-40094

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
30 October 2025

What is CVE-2025-40094?

A vulnerability exists in the USB gadget subsystem of the Linux kernel that can lead to a NULL pointer dereference. Specifically, after a connect/disconnect cycle, a stale request can remain in an unstable state. If a subsequent connection attempt fails, the error handling mechanism attempts to free this request but encounters a NULL pointer, resulting in a serious stability issue. The vulnerability has prompted a refactor of the bind path to utilize an automatic cleanup mechanism, __free(), to ensure proper handling and prevent potential crashes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1f1ba11b64947051fc32aa15fcccef6463b433f7

Linux 1f1ba11b64947051fc32aa15fcccef6463b433f7 < 2b1546f7c5fc6c44555a8e7a2b34229d1dcd2175

Linux 1f1ba11b64947051fc32aa15fcccef6463b433f7

References

https://git.kernel.org/stable/c/c5d116862dd3ed162d079738a...
https://git.kernel.org/stable/c/2b1546f7c5fc6c44555a8e7a2...
https://git.kernel.org/stable/c/e348d18fb0124b662cfefb300...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.