CVE-2025-39997: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 91.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free

The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, because the error timer kill added in this patch occurs after the endpoint delete, a race condition to UAF still occurs, albeit rarely. Additionally, since kill-cleanup for urb is also missing, freed memory can be accessed i

Affected Packages (4 packages)

Linux: linux/linux_kernel, 6.16.0 to 6.16.11 (+1 more range)
Debian: linux/linux_kernel, < 6.16.11-1
CVEListV5: linux/linux, 647410a7da46067953a53c0d03f8680eff570959 to dc4874366cf6cf4a31d8fa4b7f0e2a5b2d7647ba (+7 more ranges)
debian: debian/linux, < linux 6.16.11-1 (forky)

Vulnerability Details (3)

OSV: CVE-2025-39997: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit... (2025-10-15)
GHSA: GHSA-xc3r-7j5x-74w4: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous comm... (2025-10-15)
OSV: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (2025-10-15)

Vendor Advisories (2)

Red Hat: kernel: Linux kernel: Use-After-Free in ALSA USB audio due to race condition (2025-10-15)
Debian: CVE-2025-39997: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a... (2025)

Community (1)

Bugzilla: CVE-2025-39997 kernel: Linux kernel: Use-After-Free in ALSA USB audio due to race condition (2025-10-15)