CVE-2025-40093
Linux Kernel 2.6.27-6.1.157, 6.2.0-6.6.113, 6.7.0-6.12.54, 6.13.0-6.17.4 - DoS via Stale USB Gadget ECM Request
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism.
References (5)
Core 5
Core References
Scores
EPSS
0.0018
EPSS Percentile
8.1%
Details
Status
published
Products (16)
linux/Kernel
2.6.27 - 6.1.158linux
linux/Kernel
6.13.0 - 6.17.5linux
linux/Kernel
6.2.0 - 6.6.114linux
linux/Kernel
6.7.0 - 6.12.55linux
Linux/Linux
< 2.6.27
Linux/Linux
2.6.27
Linux/Linux
6.1.158 - 6.1.*
Linux/Linux
6.12.55 - 6.12.*
Linux/Linux
6.17.5 - 6.17.*
Linux/Linux
6.18
... and 6 more
Published
Oct 30, 2025
Tracked Since
Feb 18, 2026