| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102910-CVE-2025-40085-0ce0@gregkh> Date: Wed, 29 Oct 2025 14:37:11 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40085: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which will lead to a NULL pointer dereference when creating an invalid USB audio device. Fix this by adding a check to ensure the interface pointer is valid before passing it to usb_interface_claimed(). The Linux kernel CVE team has assigned CVE-2025-40085 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.75 with commit 28787ff9fbeaf57684eb64cc33e2ec8ceedf21b5 and fixed in 5.15.196 with commit 736159f7b296d7a95f7208eb4799639b1f8b16a0 Issue introduced in 6.1 with commit 39efc9c8a973ddff5918191525d1679d0fb368ea and fixed in 6.1.158 with commit 8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb Issue introduced in 6.1 with commit 39efc9c8a973ddff5918191525d1679d0fb368ea and fixed in 6.6.114 with commit 576312eb436326b44b7010f4d9ae2b698df075ea Issue introduced in 6.1 with commit 39efc9c8a973ddff5918191525d1679d0fb368ea and fixed in 6.12.55 with commit bba7208765d26e5e36b87f21dacc2780b064f41f Issue introduced in 6.1 with commit 39efc9c8a973ddff5918191525d1679d0fb368ea and fixed in 6.17.5 with commit 8503ac1a62075a085402e42a386b5c627c821a51 Issue introduced in 6.1 with commit 39efc9c8a973ddff5918191525d1679d0fb368ea and fixed in 6.18-rc2 with commit 28412b489b088fb88dff488305fd4e56bd47f6e4 Issue introduced in 5.19.17 with commit 9d4f4dc3cd38e412c29a7626489fe48b79ebbf6c Issue introduced in 6.0.3 with commit 52076a41c128146c9df4a157e972cb17019313b1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40085 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/usb/card.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4799639b1f8b16a0 https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb https://git.kernel.org/stable/c/576312eb436326b44b7010f4d9ae2b698df075ea https://git.kernel.org/stable/c/bba7208765d26e5e36b87f21dacc2780b064f41f https://git.kernel.org/stable/c/8503ac1a62075a085402e42a386b5c627c821a51 https://git.kernel.org/stable/c/28412b489b088fb88dff488305fd4e56bd47f6e4
Powered by blists - more mailing lists