DEBIAN-CVE-2025-40314

DEBIAN-CVE-2025-40314 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget structure (pdev->gadget) was freed before its endpoints. The endpoints are linked via the ep_list in the gadget structure. Freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are subsequently freed, this results in a use-after-free. Fix: By separating the usb_del_gadget_udc() operation into distinct "del" and "put" steps, cdnsp_gadget_free_endpoints() can be executed prior to the final release of the gadget structure with usb_put_gadget(). A patch similar to bb9c74a5bd14("usb: dwc3: gadget: Free gadget structure only after freeing endpoints").

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 6.12.38-1, 6.12.43-1
Debian:12	linux	6.1.67-1, 6.1.69-1, 6.1.69-1
Debian:14	linux	0, 6.12.41-1, 6.12.43-1
Debian:11	linux-6.1	*, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2
Debian:11	linux	6.12.9-1+alpha, 6.12.9-1~bpo12+1, 6.12~rc6-1~exp1

Timeline

Dec 8, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40314 advisory

Open in Interactive Console →