CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2026-31728 – usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop
https://notcve.org/view.php?id=CVE-2026-31728
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop() leads to a NULL pointer dereference. • https://git.kernel.org/stable/c/2b3d942c4878084a37991a65e66512c02b8fa2ad • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-31727 – usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo
https://notcve.org/view.php?id=CVE-2026-31727
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with device_move") reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget pointer. • https://git.kernel.org/stable/c/93f116c3393a22acab96ad1bef12b2572eb80ca4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2026-31726 – usb: gadget: uvc: fix NULL pointer dereference during unbind race
https://notcve.org/view.php?id=CVE-2026-31726
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe ("usb: gadget: uvc: allow for application to cleanly shutdown") introduced two stages of synchronization waits totaling 1500ms in uvc_function_unbind() to prevent several types of kernel panics. However, this timing-based approach is insufficient during power management (PM) transitions. • https://git.kernel.org/stable/c/1444e0568bc2c70868e7b8da5b46fc2252acc3f5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31725 – usb: gadget: f_ecm: Fix net_device lifecycle with device_move
https://notcve.org/view.php?id=CVE-2026-31725
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. • https://git.kernel.org/stable/c/fee562a6450b7806f1fbbe1469a67b5395b5c10a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31724 – usb: gadget: f_eem: Fix net_device lifecycle with device_move
https://notcve.org/view.php?id=CVE-2026-31724
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. • https://git.kernel.org/stable/c/b29002a157940752dfed2c488b2011f63f007d71 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31723 – usb: gadget: f_subset: Fix net_device lifecycle with device_move
https://notcve.org/view.php?id=CVE-2026-31723
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. • https://git.kernel.org/stable/c/8cedba7c73af1369599b1111639cfeb66fe13aaa •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31722 – usb: gadget: f_rndis: Fix net_device lifecycle with device_move
https://notcve.org/view.php?id=CVE-2026-31722
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. • https://git.kernel.org/stable/c/f466c6353819326873fa48a02c6f2d7c903240d6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-31721 – usb: gadget: f_hid: move list and spinlock inits from bind to alloc
https://notcve.org/view.php?id=CVE-2026-31721
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLL_CTL_ADD - unbind the UDC - bind the UDC - use the fd in EPOLL_CTL_DEL When CONFIG_DEBUG_LIST was enabled, a list_del corruption was reported within remove_wait_queue (via ep_remove_wait_queue). • https://git.kernel.org/stable/c/cb382536052fcc7713988869b54a81137069e5a9 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-31720 – usb: gadget: f_uac1_legacy: validate control request size
https://notcve.org/view.php?id=CVE-2026-31720
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-controlled USB request path, which can lead to a stack out-of-bounds write. • https://git.kernel.org/stable/c/c6994e6f067cf0fc4c6cca3d164018b1150916f8 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-31719 – crypto: krb5enc - fix async decrypt skipping hash verification
https://notcve.org/view.php?id=CVE-2026-31719
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. • https://git.kernel.org/stable/c/d1775a177f7f38156d541c8a3e3c91eaa6e69699 •