Acknowledged

LIN1025-3319 : Security Advisory - linux - CVE-2025-38555

Created: Aug 19, 2025    Updated: Jan 8, 2026
Resolved Date: Sep 10, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget : fix use-after-free in composite_dev_cleanup()

1. In func configfs_composite_bind() -> composite_os_desc_req_prepare():
if kmalloc fails, the pointer cdev->os_desc_req will be freed but not
set to NULL. Then it will return a failure to the upper-level function.
2. In func configfs_composite_bind() -> composite_dev_cleanup():
it checks whether cdev->os_desc_req is NULL. If it is not NULL, it
will attempt to use it. This leads to a use-after-free.

BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0
Read of size 8 at addr 0000004827837a00 by task init/1

CPU: 10 PID: 1 Comm: init Tainted: G           O      5.10.97-oh #1
 kasan_report+0x188/0x1cc
 __asan_load8+0xb4/0xbc
 composite_dev_cleanup+0xf4/0x2c0
 configfs_composite_bind+0x210/0x7ac
 udc_bind_to_driver+0xb4/0x1ec
 usb_gadget_probe_driver+0xec/0x21c
 gadget_dev_desc_UDC_store+0x264/0x27c
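The two-step failure described above (error path frees a pointer but leaves it set, a later cleanup trusts "non-NULL means live") is easy to see in miniature. The following is an added userspace model, not kernel code and not part of this advisory: the struct and function names (`struct cdev`, `os_desc_req`, `req_prepare_unfixed`, `req_prepare_fixed`, `dev_cleanup`) only mirror the shape of the kernel routines, and a toy slot allocator with a liveness check stands in for KASAN so the dangling read is reported rather than silently corrupting memory. The fixed variant clears the pointer on the error path, which is the one-line change the commit title refers to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy allocator (assumption: stand-in for kmalloc/kfree plus KASAN).
 * Each slot records whether it is live so that a use of freed memory
 * can be detected instead of being undefined behaviour. */
#define POOL_SLOTS 4
static bool slot_live[POOL_SLOTS];
static unsigned char slot_mem[POOL_SLOTS][64];

static void *toy_alloc(bool fail)
{
	if (fail)
		return NULL;			/* simulated allocation failure */
	for (int i = 0; i < POOL_SLOTS; i++)
		if (!slot_live[i]) {
			slot_live[i] = true;
			return slot_mem[i];
		}
	return NULL;
}

static void toy_free(void *p)
{
	for (int i = 0; i < POOL_SLOTS; i++)
		if (p == slot_mem[i])
			slot_live[i] = false;	/* slot stays addressable but is dead */
}

/* True only if p points at a live slot; false means use-after-free. */
static bool toy_is_live(const void *p)
{
	for (int i = 0; i < POOL_SLOTS; i++)
		if (p == slot_mem[i])
			return slot_live[i];
	return false;
}

struct usb_request { void *buf; };
struct cdev { struct usb_request *os_desc_req; };

/* Vulnerable shape: request freed on the buffer-allocation failure path,
 * but cdev->os_desc_req keeps pointing at the freed slot. */
static int req_prepare_unfixed(struct cdev *cdev, bool fail_buf)
{
	cdev->os_desc_req = toy_alloc(false);
	if (!cdev->os_desc_req)
		return -1;
	cdev->os_desc_req->buf = toy_alloc(fail_buf);
	if (!cdev->os_desc_req->buf) {
		toy_free(cdev->os_desc_req);	/* pointer left dangling */
		return -1;
	}
	return 0;
}

/* Fixed shape: the error path also clears the pointer. */
static int req_prepare_fixed(struct cdev *cdev, bool fail_buf)
{
	cdev->os_desc_req = toy_alloc(false);
	if (!cdev->os_desc_req)
		return -1;
	cdev->os_desc_req->buf = toy_alloc(fail_buf);
	if (!cdev->os_desc_req->buf) {
		toy_free(cdev->os_desc_req);
		cdev->os_desc_req = NULL;	/* cleanup now sees "nothing to do" */
		return -1;
	}
	return 0;
}

/* Cleanup, modelled on "if non-NULL, use it".
 * Returns 0 when it touched only live memory, -2 when it would read freed memory. */
static int dev_cleanup(struct cdev *cdev)
{
	if (cdev->os_desc_req) {
		if (!toy_is_live(cdev->os_desc_req))
			return -2;		/* the read KASAN reports */
		toy_free(cdev->os_desc_req->buf);
		toy_free(cdev->os_desc_req);
		cdev->os_desc_req = NULL;
	}
	return 0;
}

/* Drive one variant through the failing bind path, then run cleanup. */
static int bind_then_cleanup(bool fixed)
{
	struct cdev cdev = { .os_desc_req = NULL };
	memset(slot_live, 0, sizeof slot_live);
	if (fixed)
		req_prepare_fixed(&cdev, true);
	else
		req_prepare_unfixed(&cdev, true);
	/* prepare fails in both cases; only the pointer state differs */
	return dev_cleanup(&cdev);
}

int main(void)
{
	printf("unfixed cleanup verdict: %d\n", bind_then_cleanup(false)); /* -2 */
	printf("fixed cleanup verdict:   %d\n", bind_then_cleanup(true));  /*  0 */
	return 0;
}
```

The point worth taking from the model is that the cleanup routine is not wrong on its own; it is the error path that breaks the invariant "non-NULL means owned and live". Clearing the pointer at the point of free is the fix that keeps that invariant, which is why the upstream change touches the prepare function rather than the cleanup.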

CREATE(Triage):(User=lchen-cn) [CVE-2025-38555 (https://nvd.nist.gov/vuln/detail/CVE-2025-38555)]