-

CVE-2025-40223

EPSS 0.03%
Veröffentlicht 04.12.2025 15:31:15
Zuletzt bearbeitet 04.12.2025 17:15:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

most: usb: Fix use-after-free in hdm_disconnect

hdm_disconnect() calls most_deregister_interface(), which eventually
unregisters the MOST interface device with device_unregister(iface->dev).
If that drops the last reference, the device core may call release_mdev()
immediately while hdm_disconnect() is still executing.

The old code also freed several mdev-owned allocations in
hdm_disconnect() and then performed additional put_device() calls.
Depending on refcount order, this could lead to use-after-free or
double-free when release_mdev() ran (or when unregister paths also
performed puts).

Fix by moving the frees of mdev-owned allocations into release_mdev(),
so they happen exactly once when the device is truly released, and by
dropping the extra put_device() calls in hdm_disconnect() that are
redundant after device_unregister() and most_deregister_interface().

This addresses the KASAN slab-use-after-free reported by syzbot in
hdm_disconnect(). See report and stack traces in the bug link below.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 578eb18cd111addec94c43f61cd4b4429e454809

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 33daf469f5294b9d07c4fc98216cace9f4f34cc6

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 72427dc6f87523995f4e6ae35a948bb2992cabce

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < f93a84ffb884d761a9d4e869ba29c238711e81f1

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 3a3b8e89c7201c5b3b76ac4a4069d1adde1477d6

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

Version < 4b1270902609ef0d935ed2faa2ea6d122bd148f5

Version 97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.9

Status affected

Version < 5.9

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.196

Status unaffected

Version <= 6.1.*

Version 6.1.158

Status unaffected

Version <= 6.6.*

Version 6.6.115

Status unaffected

Version <= 6.12.*

Version 6.12.56

Status unaffected

Version <= 6.17.*

Version 6.17.6

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831

https://git.kernel.org/stable/c/578eb18cd111addec94c43f61cd4b4429e454809

https://git.kernel.org/stable/c/33daf469f5294b9d07c4fc98216cace9f4f34cc6

https://git.kernel.org/stable/c/72427dc6f87523995f4e6ae35a948bb2992cabce

https://git.kernel.org/stable/c/f93a84ffb884d761a9d4e869ba29c238711e81f1

https://git.kernel.org/stable/c/3a3b8e89c7201c5b3b76ac4a4069d1adde1477d6

https://git.kernel.org/stable/c/4b1270902609ef0d935ed2faa2ea6d122bd148f5

https://nvd.nist.gov/vuln/detail/CVE-2025-40223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40223

EUVD