Linux Kernel Vulnerability in RNDIS Gadget Handling
CVE-2025-40095

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
30 October 2025

What is CVE-2025-40095?

A vulnerability in the Linux kernel's RNDIS gadget handling can lead to a NULL pointer dereference during bind/unbind cycles. When the bind operation encounters a failure, the error handling mechanism may attempt to free a stale notify request, resulting in potential system instability. The fix refactors the error handling to utilize an automatic cleanup feature, enhancing the robustness of the USB gadget operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986 < 5f65c8ad8c7292ed7e3716343fcd590a51818cc3

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986 < 380353c3a92be7d928e6f973bd065c5b79755ac3

References

https://git.kernel.org/stable/c/ef81226bb1f8b6e761cd0b53d...
https://git.kernel.org/stable/c/5f65c8ad8c7292ed7e3716343...
https://git.kernel.org/stable/c/380353c3a92be7d928e6f973b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.