Race Condition in Linux Kernel Affecting USB Gadget Functionality
CVE-2025-40315

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
8 December 2025

What is CVE-2025-40315?

A race condition exists in the USB gadget subsystem of the Linux kernel that arises when the ffs_func_eps_enable() function is executed simultaneously with ffs_data_reset(). This situation can lead to a null pointer dereference due to the premature setting of the ffs->epfiles pointer to NULL during the execution of ffs_data_clear() in ffs_data_reset(). The improper handling of this pointer in the context of enabled endpoints can cause significant instability in USB operations. The fix requires enhanced NULL pointer handling within the ffs_func_eps_enable() function to mitigate the risks associated with concurrent access to these resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux c9fc422c9a43e3d58d246334a71f3390401781dc

Linux 0042178a69eb77a979e36a50dcce9794a3140ef8 < 1c0dbd240be3f87cac321b14e17979b7e9cb6a8f

Linux 72a8aee863af099d4434314c4536d6c9a61dcf3c < 9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272

References

https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3...
https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e...
https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.