CVE-2025-40085

Linux Kernel NULL Pointer Dereference in try_to_register_card

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed().

Scores

EPSS 0.0019
EPSS Percentile 8.6%

Details

Status published
Products (24)
linux/Kernel < 5.15.196linux
linux/Kernel 5.16.0 - 6.1.158linux
linux/Kernel 6.1.0 - 6.6.114linux
linux/Kernel 6.2.0 - 6.12.55linux
linux/Kernel 6.7.0 - 6.17.5linux
Linux/Linux < 6.1
Linux/Linux 28787ff9fbeaf57684eb64cc33e2ec8ceedf21b5 - 736159f7b296d7a95f7208eb4799639b1f8b16a0
Linux/Linux 39efc9c8a973ddff5918191525d1679d0fb368ea - 28412b489b088fb88dff488305fd4e56bd47f6e4
Linux/Linux 39efc9c8a973ddff5918191525d1679d0fb368ea - 576312eb436326b44b7010f4d9ae2b698df075ea
Linux/Linux 39efc9c8a973ddff5918191525d1679d0fb368ea - 8503ac1a62075a085402e42a386b5c627c821a51
... and 14 more
Published Oct 29, 2025
Tracked Since Feb 18, 2026