CVE-2025-40085

Oct. 29, 2025, 2:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/28412b489b088fb88dff488305fd4e56bd47f6e4
https://git.kernel.org/stable/c/576312eb436326b44b7010f4d9ae2b698df075ea
https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4799639b1f8b16a0
https://git.kernel.org/stable/c/8503ac1a62075a085402e42a386b5c627c821a51
https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb
https://git.kernel.org/stable/c/bba7208765d26e5e36b87f21dacc2780b064f41f

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-10-29
CVE-2025-40085

Timeline

Published: Oct. 29, 2025, 2:15 p.m.
Last Modified: Oct. 29, 2025, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.