Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]most: usb: hdm_probe: Fix calling put_device() before device initialization[EOL][EOL]The early error path in hdm_probe() can jump to err_free_mdev before[EOL]&mdev->dev has been initialized with device_initialize(). Calling[EOL]put_device(&mdev->dev) there triggers a device core WARN and ends up[EOL]invoking kref_put(&kobj->kref, kobject_release) on an uninitialized[EOL]kobject.[EOL][EOL]In this path the private struct was only kmalloc'ed and the intended[EOL]release is effectively kfree(mdev) anyway, so free it directly instead[EOL]of calling put_device() on an uninitialized device.[EOL][EOL]This removes the WARNING and fixes the pre-initialization error path.
