CVE-2025-40275

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd<br /> <br /> In snd_usb_create_streams(), for UAC version 3 devices, the Interface<br /> Association Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this<br /> call fails, a fallback routine attempts to obtain the IAD from the next<br /> interface and sets a BADD profile. However, snd_usb_mixer_controls_badd()<br /> assumes that the IAD retrieved from usb_ifnum_to_if() is always valid,<br /> without performing a NULL check. This can lead to a NULL pointer<br /> dereference when usb_ifnum_to_if() fails to find the interface descriptor.<br /> <br /> This patch adds a NULL pointer check after calling usb_ifnum_to_if() in<br /> snd_usb_mixer_controls_badd() to prevent the dereference.<br /> <br /> This issue was discovered by syzkaller, which triggered the bug by sending<br /> a crafted USB device descriptor.