cve 2025 40275
About this tag
CVE-2025-40275 is a NULL-pointer dereference vulnerability in the Linux kernel's ALSA USB audio driver, specifically in the snd_usb_mixer_controls_badd function. It can be triggered by a crafted USB audio descriptor during UAC3 device parsing, potentially causing a system crash (oops). The upstream fix adds a simple NULL check to prevent this issue. This tag covers discussions about the vulnerability, its impact on Linux systems, and the patch released to address it. Topics include kernel security, USB audio device handling, and the role of fuzzing tools like syzkaller in discovering such flaws.
The Linux kernel has closed a small but important robustness hole in the ALSA usb‑audio stack: CVE‑2025‑40275 is a NULL‑pointer dereference in snd_usb_mixer_controls_badd that can be triggered by a crafted USB audio descriptor, and the upstream fix adds a simple NULL check to prevent an oops...