What is CVE-2025-40094?

CVE-2025-40094 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.27 onward and patched in 5.15.196, 6.1.158, 6.6.114 and others. CVE-2025-40094 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40094?

CVE-2025-40094 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40094?

Yes, CVE-2025-40094 has been patched. Fixed versions include 5.15.196, 6.1.158, 6.6.114 and others. If you are running Linux kernel 2.6.27 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40094 actively exploited?

CVE-2025-40094 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40094

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20

Package Linux Kernel

Published 2025-10-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.27 and later are affected. Fixed in 5.15.196, 6.1.158, 6.6.114, 6.12.55, 6.17.5, 6.18 and their respective stable series.

Affected from

≥ 2.6.27

Fixed in

✓ 5.15.196 5.15.x ✓ 6.1.158 6.1.x ✓ 6.6.114 6.6.x ✓ 6.12.55 6.12.x ✓ 6.17.5 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40094 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/201a66d8e6630762e760e1d78f1d149da1691e7b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2b1546f7c5fc6c44555a8e7a2b34229d1dcd2175
Patch
Kernel patch commit
https://git.kernel.org/stable/c/47b2116e54b4a854600341487e8b55249e926324
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40094?

CVE-2025-40094 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.27 onward and has been patched in 5.15.196, 6.1.158, 6.6.114 and others. CVE-2025-40094 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40094?

Yes — CVE-2025-40094 has been patched. Fixed versions include 5.15.196, 6.1.158, 6.6.114 and others. If you are running Linux kernel 2.6.27 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40094 actively exploited?

No — CVE-2025-40094 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.