Volerion logoVolerion
Volerion logoVolerion

Linux Kernel USB Gadget Composite Driver Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's USB gadget composite driver. This issue arises in the 'composite_dev_cleanup()' function, specifically within the 'configfs_composite_bind()' process. When memory allocation fails, the 'os_desc_req' pointer is freed but not set to NULL, leading to a potential use-after-free scenario. The vulnerability has been addressed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, allowing for potential memory corruption.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the 'composite_os_desc_req_prepare()' function. This will cause the 'os_desc_req' pointer to be freed without being nullified. Subsequently, the 'composite_dev_cleanup()' function will attempt to use the now-invalid pointer, leading to a use-after-free vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree where this vulnerability has been fixed.

Added: Aug 19, 2025, 6:56 PM
Updated: Aug 19, 2025, 6:56 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.