Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism.

INFO

Published Date :

2025-10-30T09:48:00.807Z

Last Modified :

2025-10-30T09:48:00.807Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40093 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40093.

URL Resource
https://git.kernel.org/stable/c/070f341d86cf2c098d63e484a86c7c1d2696a868 cve-icon cve-icon
https://git.kernel.org/stable/c/15b9faf53ba8719700596e7ef78879ce200e8c2e cve-icon cve-icon
https://git.kernel.org/stable/c/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 cve-icon cve-icon
https://git.kernel.org/stable/c/4630c68bade82f087eaaab22e9a361da2f18d139 cve-icon cve-icon
https://git.kernel.org/stable/c/d3745aaef19198d0c81637a7dd50ef53c4f879b7 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40093-f52d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40093 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40093 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact