CVE-2025-21859— USB: gadget: f_midi: f_midi_complete to call queue_work

AI Predicted 5.5 Difficulty: Easy EPSS 0.01% · P2 Updated May 13, 2026

Affected Version Matrix 18

Vendor	Product	Version Range	Status
Linux	Linux	`d5daf49b58661ec4af7a55b277176efbf945ca05< 727dee0857946b85232526de4f5a957fe163e89a`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< 1f10923404705a94891e612dff3b75e828a78368`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< b09957657d7767d164b3432af2129bd72947553c`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< 24a942610ee9bafb2692a456ae850c5b2e409b05`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< deeee3adb2c01eedab32c3b4519337689ad02e8a`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< e9fec6f42c45db2f62dc373fb1a10d2488c04e79`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< 8aa6b4be1f4efccbfc533e6ec8841d26e4fa8dba`	affected
		`d5daf49b58661ec4af7a55b277176efbf945ca05< 4ab37fcb42832cdd3e9d5e50653285ca84d6686f`	affected
… +10 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-21859

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

USB: gadget: f_midi: f_midi_complete to call queue_work

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a deadlock. Fix it by using queue_work() to schedule the inner f_midi_transmit() via a high priority work queue from the completion handler.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于在USB MIDI中使用锁导致死锁。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	d5daf49b58661ec4af7a55b277176efbf945ca05 ~ 727dee0857946b85232526de4f5a957fe163e89a	-
Linux	Linux	3.2	-

II. Public POCs for CVE-2025-21859

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-21859

请登录查看更多情报信息。

Other References for CVE-2025-21859 (7)

https://nvd.nist.gov/vuln/detail/CVE-2025-21859

Same Patch Batch · Linux · 2025-03-12 · 26 CVEs total

CVE-2025-21853		bpf: avoid holding freeze_mutex during mmap operation
CVE-2024-58087		ksmbd: fix racy issue from session lookup and expire
CVE-2024-58088		bpf: Fix deadlock when freeing cgroup storage
CVE-2024-58089		btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
CVE-2025-21844		smb: client: Add check for next_buffer in receive_encrypted_standard()
CVE-2025-21845		mtd: spi-nor: sst: Fix SST write failure
CVE-2025-21846		acct: perform last write from workqueue
CVE-2025-21848		nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
CVE-2025-21847		ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
CVE-2025-21849		drm/i915/gt: Use spin_lock_irqsave() in interruptible context
CVE-2025-21851		bpf: Fix softlockup in arena_map_free on 64k page kernel
CVE-2025-21850		nvmet: Fix crash when a namespace is disabled
CVE-2025-21852		net: Add rx_skb of kfree_skb to raw_tp_null_args[].
CVE-2025-21866		powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
CVE-2025-21855		ibmvnic: Don't reference skb after sending to VIOS
CVE-2025-21854		sockmap, vsock: For connectible sockets allow only connected
CVE-2025-21856		s390/ism: add release function for struct device
CVE-2025-21857		net/sched: cls_api: fix error handling causing NULL dereference
CVE-2025-21858		geneve: Fix use-after-free in geneve_find_dev().
CVE-2025-21861		mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2025-21859

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-21859— USB: gadget: f_midi: f_midi_complete to call queue_work

Affected Version Matrix 18

I. Basic Information for CVE-2025-21859

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-21859

III. Intelligence Information for CVE-2025-21859

Other References for CVE-2025-21859 (7)

Same Patch Batch · Linux · 2025-03-12 · 26 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-21859

Leave a comment