CVE-2025-68249

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> most: usb: hdm_probe: Fix calling put_device() before device initialization<br /> <br /> The early error path in hdm_probe() can jump to err_free_mdev before<br /> &amp;mdev-&gt;dev has been initialized with device_initialize(). Calling<br /> put_device(&amp;mdev-&gt;dev) there triggers a device core WARN and ends up<br /> invoking kref_put(&amp;kobj-&gt;kref, kobject_release) on an uninitialized<br /> kobject.<br /> <br /> In this path the private struct was only kmalloc&amp;#39;ed and the intended<br /> release is effectively kfree(mdev) anyway, so free it directly instead<br /> of calling put_device() on an uninitialized device.<br /> <br /> This removes the WARNING and fixes the pre-initialization error path.