CVE-2025-40085
Last modified
CVE-2025-40085 is a vulnerability of currently unknown severity. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().
Metrics
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-40085?
How severe is CVE-2025-40085?
How do I fix CVE-2025-40085?
Are you affected by CVE-2025-40085?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST