DEBIAN-CVE-2025-38555
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it.This will lead to a use-after-free issue. BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0 Read of size 8 at addr 0000004827837a00 by task init/1 CPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1 kasan_report+0x188/0x1cc __asan_load8+0xb4/0xbc composite_dev_cleanup+0xf4/0x2c0 configfs_composite_bind+0x210/0x7ac udc_bind_to_driver+0xb4/0x1ec usb_gadget_probe_driver+0xec/0x21c gadget_dev_desc_UDC_store+0x264/0x27c
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | *, 6.1.38-4, 6.1.55-1 |
| Debian:11 | linux | 5.10.92-1, 0, 5.10.103-1 |
| Debian:13 | linux | 6.12.41-1, 6.12.43-1, 6.12.38-1 |
| Debian:11 | linux-6.1 | 6.1.137-1, 6.1.140-1, 6.1.147-1 |
| Debian:14 | linux | 6.12.74-2, 6.12.74-1, 6.12.73-1 |
| Debian | linux |
Timeline
- Aug 19, 2025 CVE Published
- Apr 28, 2026 CVE Updated