CVE-2025-40092 usb: gadget: f_ncm: Refactor bind path to use __free()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

CVE-2025-40092 usb: gadget: f_ncm: Refactor bind path to use __free()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

CVE-2025-40092

Summary of CVE-2025-40092 : In the Linux kernel USB gadget stack for the f_ncm function, a stale ncm->notify_req after a bind/unbind cycle could be freed on a later failed bind, causing a NULL pointer dereference when ep->ops->free_request is accessed. The patch refactors the error handl...

CVE-2025-40092

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

[SECURITY] Fedora 42 Update: bind-9.18.41-1.fc42

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

[SECURITY] Fedora 42 Update: bind-dyndb-ldap-11.11-7.fc42

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

[SECURITY] Fedora 41 Update: bind-dyndb-ldap-11.10-35.fc41

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

[SECURITY] Fedora 41 Update: bind-9.18.41-1.fc41

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rndis-notifyreq becoming stale after a bind-unbind loop, which could lead to a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly cleaning up a notifyreq request in the ncmbind function, which could result in a null pointer...

Fedora 41 : bind / bind-dyndb-ldap (2025-10c407da27)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-10c407da27 advisory. Update to 9.18.41 rhbz2405786 Security fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

Linux Distros Unpatched Vulnerability : CVE-2025-40094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: facm: Refactor bind path to use free After an bind/unbind cycle, the acm-notifyreq is left stale. If a subsequent bind fails, the unified error lab...

Fedora: Security Advisory (FEDORA-2025-92566203fd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-40093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error lab...

Linux Distros Unpatched Vulnerability : CVE-2025-40095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: frndis: Refactor bind path to use free After an bind/unbind cycle, the rndis-notifyreq is left stale. If a subsequent bind fails, the unified error...

Linux Distros Unpatched Vulnerability : CVE-2025-40069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VMBIND error path If we fail a handle-lookup part way thru, we need...

Fedora 42 : bind / bind-dyndb-ldap (2025-92566203fd)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-92566203fd advisory. Update to 9.18.41 rhbz2405786 Security fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

Linux Distros Unpatched Vulnerability : CVE-2025-40092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error lab...

Unspecified Vulnerability in ISC BIND 9

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from a weakness in the pseudo-random number generator, which can be exploited by an attacker to cause prediction of source ports and query IDs...

Unspecified Vulnerability in ISC BIND 9 (CNVD-2025-26736)

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9, which arises from an overly lax acceptance of response records, and can be exploited by an attacker to cause forged data to be injected into the cache...