CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget : fix use-after-free in composite_dev_cleanup()

In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function.
in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it.This will lead to a use-after-free issue.

BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0 Read of size 8 at addr 0000004827837a00 by task init/1

CPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1 kasan_report+0x188/0x1cc __asan_load8+0xb4/0xbc composite_dev_cleanup+0xf4/0x2c0 configfs_composite_bind+0x210/0x7ac udc_bind_to_driver+0xb4/0x1ec usb_gadget_probe_driver+0xec/0x21c gadget_dev_desc_UDC_store+0x264/0x27c

Published: Aug 19, 2025
Updated: Jan 9, 2026
CVE: CVE-2025-38555
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	3.16	5.4.297
linux / linux_kernel	5.5	5.10.241
linux / linux_kernel	5.11	5.15.190
linux / linux_kernel	5.16	6.1.148
linux / linux_kernel	6.2	6.6.102
linux / linux_kernel	6.7	6.12.42
linux / linux_kernel	6.13	6.15.10
linux / linux_kernel	6.16	6.16.1
debian / debian_linux	11.0	11.0.x

Vulnerability Database

318,756

CVE-2025-38555

Deep Security Visibility Without the Complexity