{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40085","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.161Z","datePublished":"2025-10-29T13:37:04.707Z","dateUpdated":"2026-05-11T21:42:13.206Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:42:13.206Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/card.c"],"versions":[{"version":"28787ff9fbeaf57684eb64cc33e2ec8ceedf21b5","lessThan":"736159f7b296d7a95f7208eb4799639b1f8b16a0","status":"affected","versionType":"git"},{"version":"39efc9c8a973ddff5918191525d1679d0fb368ea","lessThan":"8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb","status":"affected","versionType":"git"},{"version":"39efc9c8a973ddff5918191525d1679d0fb368ea","lessThan":"576312eb436326b44b7010f4d9ae2b698df075ea","status":"affected","versionType":"git"},{"version":"39efc9c8a973ddff5918191525d1679d0fb368ea","lessThan":"bba7208765d26e5e36b87f21dacc2780b064f41f","status":"affected","versionType":"git"},{"version":"39efc9c8a973ddff5918191525d1679d0fb368ea","lessThan":"8503ac1a62075a085402e42a386b5c627c821a51","status":"affected","versionType":"git"},{"version":"39efc9c8a973ddff5918191525d1679d0fb368ea","lessThan":"28412b489b088fb88dff488305fd4e56bd47f6e4","status":"affected","versionType":"git"},{"version":"9d4f4dc3cd38e412c29a7626489fe48b79ebbf6c","status":"affected","versionType":"git"},{"version":"52076a41c128146c9df4a157e972cb17019313b1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/card.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"5.15.196","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.158","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.114","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.55","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.5","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.75","versionEndExcluding":"5.15.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.158"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.114"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.12.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.17.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4799639b1f8b16a0"},{"url":"https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb"},{"url":"https://git.kernel.org/stable/c/576312eb436326b44b7010f4d9ae2b698df075ea"},{"url":"https://git.kernel.org/stable/c/bba7208765d26e5e36b87f21dacc2780b064f41f"},{"url":"https://git.kernel.org/stable/c/8503ac1a62075a085402e42a386b5c627c821a51"},{"url":"https://git.kernel.org/stable/c/28412b489b088fb88dff488305fd4e56bd47f6e4"}],"title":"ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card","x_generator":{"engine":"bippy-1.2.0"}}}}