CVE-2025-40223
中文标题:
(暂无数据)
英文标题:
most: usb: Fix use-after-free in hdm_disconnect
漏洞描述
中文描述:
(暂无数据)
英文描述:
In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the last reference, the device core may call release_mdev() immediately while hdm_disconnect() is still executing. The old code also freed several mdev-owned allocations in hdm_disconnect() and then performed additional put_device() calls. Depending on refcount order, this could lead to use-after-free or double-free when release_mdev() ran (or when unregister paths also performed puts). Fix by moving the frees of mdev-owned allocations into release_mdev(), so they happen exactly once when the device is truly released, and by dropping the extra put_device() calls in hdm_disconnect() that are redundant after device_unregister() and most_deregister_interface(). This addresses the KASAN slab-use-after-free reported by syzbot in hdm_disconnect(). See report and stack traces in the bug link below.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Linux | Linux | - | < 5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831 | - |
cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
|
| Linux | Linux | 5.9 | - | - |
cpe:2.3:a:linux:linux:5.9:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
NOT_EXTRACTED
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-40223 |
2025-12-05 02:05:29 | 2026-01-12 02:11:46 |
| NVD | nvd_CVE-2025-40223 |
2025-12-05 03:00:03 | 2026-01-12 02:27:46 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 8 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']