DEBIAN-CVE-2025-40315
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix epfile null pointer access after ep enable. A race condition occurs when ffs_func_eps_enable() runs concurrently with ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset() sets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading to a NULL pointer dereference when accessing epfile->ep in ffs_func_eps_enable() after successful usb_ep_enable(). The ffs->epfiles pointer is set to NULL in both ffs_data_clear() and ffs_data_close() functions, and its modification is protected by the spinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function is also protected by ffs->eps_lock. Thus, add NULL pointer handling for ffs->epfiles in the ffs_func_eps_enable() function to fix issues
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.119-1, 6.1.158-1, 6.1.27-1 |
| Debian:11 | linux-6.1 | 6.1.128-1, 6.1.112-1, 6.1.106-3 |
| Debian:13 | linux | 6.12.63-1, 6.12.57-1~bpo12+1, * |
| Debian:14 | linux | 6.14.6-1, 6.12.38-1, 6.12.41-1 |
| Debian:11 | linux | 5.10.234-1, 5.10.237-1, 5.10.46-4 |
Timeline
- Dec 8, 2025 CVE Published
- Apr 28, 2026 CVE Updated