Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().

INFO

Published Date :

2025-10-29T13:37:04.707Z

Last Modified :

2025-12-01T06:17:42.458Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40085 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40085.

URL Resource
https://git.kernel.org/stable/c/28412b489b088fb88dff488305fd4e56bd47f6e4 cve-icon cve-icon
https://git.kernel.org/stable/c/576312eb436326b44b7010f4d9ae2b698df075ea cve-icon cve-icon
https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4799639b1f8b16a0 cve-icon cve-icon
https://git.kernel.org/stable/c/8503ac1a62075a085402e42a386b5c627c821a51 cve-icon cve-icon
https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb cve-icon cve-icon
https://git.kernel.org/stable/c/bba7208765d26e5e36b87f21dacc2780b064f41f cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025102910-CVE-2025-40085-0ce0@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40085 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40085 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact