NULL Pointer Dereference in Linux Kernel's ALSA usb-audio Component
CVE-2025-40275

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40275?

A vulnerability in the Linux kernel's ALSA usb-audio component can lead to a NULL pointer dereference when handling USB audio streams for UAC version 3 devices. Specifically, in the function snd_usb_mixer_controls_badd(), an improper assumption is made regarding the validity of an Interface Association Descriptor (IAD) retrieved via usb_ifnum_to_if(). If this call fails, the fallback routine erroneously assumes the descriptor is valid, resulting in potential system instability. This issue can be exploited by sending a crafted USB device descriptor. A patch has been implemented to add a NULL pointer check to prevent such dereference issues.

Affected Version(s)

Linux 17156f23e93c0f59e06dd2aaffd06221341caaee < 23aea9c74aeea2625aaf4fbcc6beb9d09e30f9e4

Linux 17156f23e93c0f59e06dd2aaffd06221341caaee

Linux 17156f23e93c0f59e06dd2aaffd06221341caaee < 9f282104627be5fbded3102ff9004f753c55a063

References

https://git.kernel.org/stable/c/23aea9c74aeea2625aaf4fbcc...

https://git.kernel.org/stable/c/c5c08965ab96b16361e69a1e2...

https://git.kernel.org/stable/c/9f282104627be5fbded3102ff...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON