VYPR
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Apr 15, 2026

CVE-2025-40093

CVE-2025-40093

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_ecm: Refactor bind path to use __free()

After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request.

Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.