PT-2025-16692 · Linux+3 · Linux Kernel+3
Published: 2025-03-20 · Updated: 2026-03-13 · CVE-2025-22052
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A problem in the Linux kernel has been identified where disconnecting a USB dongle leads to a NULL dereference Oops due to the bus_interface being set to NULL. This issue arises because usb_dev is set from bus_interface for dev_xxx messages, and previously bus_interface was only checked for NULL in functions directly calling usb_fill_bulk_urb or usb_control_msg. To fix this, checks for a valid bus_interface have been added to all interface entry points, returning -ENODEV if it is NULL.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
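The check pattern named in the description, as an added user-space model (not the kernel's own code): an entry point that only derives the device from bus_interface, shown without and with the NULL check. The struct layout and the names drv_priv, drv_disconnect, entry_unchecked and entry_checked are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins for kernel types; every name below is hypothetical. */
struct usb_device { int devnum; };
struct usb_interface { struct usb_device *udev; };
struct drv_priv { struct usb_interface *bus_interface; };

/* Disconnect path: the interface pointer is cleared when the dongle is removed. */
static void drv_disconnect(struct drv_priv *p)
{
    p->bus_interface = NULL;
}

/* Before the fix: this entry point issues no USB transfer itself, so it was
 * never checked, yet it derives the device from bus_interface (the page
 * describes this being done for dev_xxx messages). It dereferences NULL if
 * called after drv_disconnect(). */
static int entry_unchecked(struct drv_priv *p)
{
    struct usb_device *dev = p->bus_interface->udev;
    return dev->devnum;
}

/* After the fix: validate bus_interface before any use and fail with -ENODEV. */
static int entry_checked(struct drv_priv *p)
{
    struct usb_device *dev;

    if (!p->bus_interface)
        return -ENODEV;
    dev = p->bus_interface->udev;
    return dev->devnum;
}

int main(void)
{
    struct usb_device dev = { .devnum = 3 };      /* constructed sample device */
    struct usb_interface intf = { .udev = &dev };
    struct drv_priv priv = { .bus_interface = &intf };

    printf("connected, unchecked: %d\n", entry_unchecked(&priv));
    drv_disconnect(&priv);
    /* entry_unchecked(&priv) would crash here; the checked form does not. */
    printf("disconnected, checked: %d\n", entry_checked(&priv));
    return 0;
}
```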
Exploit
Improper Resource Release
NULL Pointer Dereference
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Ubuntu