EUVD-2025-201631

| CVE-2025-40314
2025-12-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

4
Patch Released
Mar 16, 2026 - 15:00 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 17:54 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 17:54 euvd
EUVD-2025-201631
CVE Published
Dec 08, 2025 - 01:16 nvd
N/A

Tags

Information Disclosure Linux Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget structure (pdev->gadget) was freed before its endpoints. The endpoints are linked via the ep_list in the gadget structure. Freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are subsequently freed, this results in a use-after-free. Fix: By separating the usb_del_gadget_udc() operation into distinct "del" and "put" steps, cdnsp_gadget_free_endpoints() can be executed prior to the final release of the gadget structure with usb_put_gadget(). A patch similar to bb9c74a5bd14("usb: dwc3: gadget: Free gadget structure only after freeing endpoints").

Analysis

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget

In the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget structure (pdev->gadget) was freed before its endpoints. The endpoints are linked via the ep_list in the gadget structure. Freeing the gadget first leaves dangling pointers in the endpoint list. When the endpoints are subsequently freed, this results in a use-after-free.

Fix: By separating the usb_del_gadget_udc() operation into distinct "del" and "put" steps, cdnsp_gadget_free_endpoints() can be executed prior to the final release of the gadget structure with usb_put_gadget().

A patch similar to bb9c74a5bd14("usb: dwc3: gadget: Free gadget structure only after freeing endpoints").

Technical Context

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior.

Remediation

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

EUVD-2025-201631 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy