1. Home
  2. Vulnerabilities
  3. CVE-2025-40315
0.0
NA
CVE-2025-40315
usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix epfile null pointer access after ep enable. A race condition occurs when ffs_func_eps_enable() runs concurrently with ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset() sets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading to a NULL pointer dereference when accessing epfile->ep in ffs_func_eps_enable() after successful usb_ep_enable(). The ffs->epfiles pointer is set to NULL in both ffs_data_clear() and ffs_data_close() functions, and its modification is protected by the spinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function is also protected by ffs->eps_lock. Thus, add NULL pointer handling for ffs->epfiles in the ffs_func_eps_enable() function to fix issues

INFO

Published Date :

Dec. 8, 2025, 1:16 a.m.

Last Modified :

Dec. 8, 2025, 1:16 a.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-40315 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Handle null pointer dereference in the Linux kernel's USB gadget f_fs module.
  • Apply the provided patch to the Linux kernel source.
  • Ensure ffs->epfiles is null-checked in ffs_func_eps_enable.
  • Rebuild and deploy the updated kernel.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-40315.

URL Resource
https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f
https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b
https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272
https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195
https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6
https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4
https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019
https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-40315 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-40315 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-40315 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-40315 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 08, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix epfile null pointer access after ep enable. A race condition occurs when ffs_func_eps_enable() runs concurrently with ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset() sets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading to a NULL pointer dereference when accessing epfile->ep in ffs_func_eps_enable() after successful usb_ep_enable(). The ffs->epfiles pointer is set to NULL in both ffs_data_clear() and ffs_data_close() functions, and its modification is protected by the spinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function is also protected by ffs->eps_lock. Thus, add NULL pointer handling for ffs->epfiles in the ffs_func_eps_enable() function to fix issues
    Added Reference https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f
    Added Reference https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b
    Added Reference https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272
    Added Reference https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195
    Added Reference https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6
    Added Reference https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4
    Added Reference https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019
    Added Reference https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.