#VU119168 Use-after-free in Linux kernel - CVE-2025-40223
Published: December 4, 2025
Vulnerability identifier: #VU119168
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40223
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the release_mdev() and hdm_disconnect() functions in drivers/most/most_usb.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/33daf469f5294b9d07c4fc98216cace9f4f34cc6
- https://git.kernel.org/stable/c/3a3b8e89c7201c5b3b76ac4a4069d1adde1477d6
- https://git.kernel.org/stable/c/4b1270902609ef0d935ed2faa2ea6d122bd148f5
- https://git.kernel.org/stable/c/578eb18cd111addec94c43f61cd4b4429e454809
- https://git.kernel.org/stable/c/5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831
- https://git.kernel.org/stable/c/72427dc6f87523995f4e6ae35a948bb2992cabce
- https://git.kernel.org/stable/c/f93a84ffb884d761a9d4e869ba29c238711e81f1