CVE-2025-40094NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference56 documents8 sources
Severity
7.8HIGHOSV
OSV5.5OSV3.2
No vector
EPSS
0.1%
top 81.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedOct 30
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at

Affected Packages7 packages

Linuxlinux/linux_kernel2.6.275.15.196+4
Debianlinux/linux_kernel< 6.1.158-1+2
Ubuntulinux/linux_kernel< 5.15.0-170.180+2
CVEListV5linux/linux1f1ba11b64947051fc32aa15fcccef6463b433f7c5d116862dd3ed162d079738a5ebddf9fceea850+6

🔴Vulnerability Details

27
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23

📋Vendor Advisories

27
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01

💬Community

1
Bugzilla
CVE-2025-40094 kernel: Linux kernel: Denial of Service via NULL pointer dereference in USB gadget f_acm2025-10-30