Use-After-Free Vulnerability in Linux Kernel Affecting MOST Interface Device
CVE-2025-40223

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40223?

A vulnerability exists in the Linux kernel's handling of the MOST interface device: an improper sequence of operations in the hdm_disconnect() function can lead to a use-after-free condition. The flaw occurs when the last reference to the MOST interface device is released while hdm_disconnect() is still executing, which an attacker could potentially exploit. The issue has been resolved by ensuring that the relevant memory allocations are handled in the release_mdev() function, which prevents the multiple frees that could compromise system stability and security.
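The ordering problem described above can be seen in a small user-space model. This is an added example, not kernel code and not the upstream patch: it counts faults instead of touching freed memory, and every name except hdm_disconnect() and release_mdev() (the struct, its fields, the helpers, the exact order of operations) is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name except the two kernel function names is hypothetical. */
struct buf { int frees; };            /* counts frees instead of calling free() */
struct mdev {
    int refs;                         /* stands in for the device reference count */
    bool released;                    /* true once the release callback has run */
    struct buf conf, cap;             /* allocations owned by the device (constructed) */
    int faults;                       /* touches after release + repeated frees */
};

static void touch(struct mdev *m) { if (m->released) m->faults++; }
static void buf_free(struct mdev *m, struct buf *b) { if (b->frees++) m->faults++; }

/* Models release_mdev(); owns_bufs selects the post-fix behaviour. */
static void release_model(struct mdev *m, bool owns_bufs)
{
    if (owns_bufs) { buf_free(m, &m->conf); buf_free(m, &m->cap); }
    m->released = true;               /* in the kernel the object is gone here */
}

static void put(struct mdev *m, bool owns_bufs)
{
    if (--m->refs == 0) release_model(m, owns_bufs);
}

/* Models hdm_disconnect() before the fix: drop the reference, then free members. */
static int disconnect_before(struct mdev *m)
{
    put(m, false);                    /* if this was the last reference, release runs now */
    touch(m); buf_free(m, &m->conf);
    touch(m); buf_free(m, &m->cap);
    return m->faults;
}

/* Models hdm_disconnect() after the fix: the release callback does all freeing. */
static int disconnect_after(struct mdev *m)
{
    put(m, true);
    return m->faults;
}

int main(void)
{
    struct mdev a = { .refs = 1 }, b = { .refs = 1 };
    printf("before: %d faults\n", disconnect_before(&a));
    printf("after:  %d faults\n", disconnect_after(&b));
    return 0;
}
```

With the frees owned by the release callback, each buffer is freed exactly once, whichever holder drops the last reference.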

Affected Version(s)

Linux 97a6f772f36b7f52bcfa56a581bbd2470cffe23d < 5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831

Linux 97a6f772f36b7f52bcfa56a581bbd2470cffe23d < 578eb18cd111addec94c43f61cd4b4429e454809

Linux 97a6f772f36b7f52bcfa56a581bbd2470cffe23d < 33daf469f5294b9d07c4fc98216cace9f4f34cc6
