CVE-2025-40223

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> most: usb: Fix use-after-free in hdm_disconnect<br /> <br /> hdm_disconnect() calls most_deregister_interface(), which eventually<br /> unregisters the MOST interface device with device_unregister(iface-&gt;dev).<br /> If that drops the last reference, the device core may call release_mdev()<br /> immediately while hdm_disconnect() is still executing.<br /> <br /> The old code also freed several mdev-owned allocations in<br /> hdm_disconnect() and then performed additional put_device() calls.<br /> Depending on refcount order, this could lead to use-after-free or<br /> double-free when release_mdev() ran (or when unregister paths also<br /> performed puts).<br /> <br /> Fix by moving the frees of mdev-owned allocations into release_mdev(),<br /> so they happen exactly once when the device is truly released, and by<br /> dropping the extra put_device() calls in hdm_disconnect() that are<br /> redundant after device_unregister() and most_deregister_interface().<br /> <br /> This addresses the KASAN slab-use-after-free reported by syzbot in<br /> hdm_disconnect(). See report and stack traces in the bug link below.