CVE-2025-40223

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the MOST (Media Over Serial Transport) USB subsystem, specifically in the hdm disconnect() function. This function, when called, can lead to a use-after-free or double-free condition due to improper handling of memory deallocation and device unregistration. The issue arises because hdm disconnect() calls most deregister interface(), which unregisters the MOST interface device. If this unregistration drops the last reference to the device, the device core may call release mdev() while hdm disconnect() is still executing. The original code freed memory allocations within hdm disconnect() and then made additional put device() calls, potentially leading to memory corruption. The fix involves moving the memory deallocations to release mdev() to ensure they happen only once when the device is released and removing redundant put device() calls from hdm disconnect(). This addresses a slab-use-after-free issue reported by KASAN and syzbot.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.