Linux Kernel Vulnerability in RNDIS Gadget Handling
CVE-2025-40095

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40095?

A vulnerability in the Linux kernel's RNDIS gadget handling can lead to a NULL pointer dereference during bind/unbind cycles. When the bind operation encounters a failure, the error handling mechanism may attempt to free a stale notify request, resulting in potential system instability. The fix refactors the error handling to utilize an automatic cleanup feature, enhancing the robustness of the USB gadget operations.

Affected Version(s)

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986 < 5f65c8ad8c7292ed7e3716343fcd590a51818cc3

Linux 45fe3b8e5342cd1ce307099459c74011d8e01986 < 380353c3a92be7d928e6f973bd065c5b79755ac3

References

https://git.kernel.org/stable/c/ef81226bb1f8b6e761cd0b53d...

https://git.kernel.org/stable/c/5f65c8ad8c7292ed7e3716343...

https://git.kernel.org/stable/c/380353c3a92be7d928e6f973b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON