0.0
CVE-2026-31727 - usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with device_move") reparents the gadget device to /sys/devices/virtual during unbind, clearing theβ¦
0.0
CVE-2026-31726 - usb: gadget: uvc: fix NULL pointer dereference during unbind race
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe ("usb: gadget: uvc: allow for application to cleanly shutdown") introduced two stages of synchronization waits totaling 1500ms in uvc_function_β¦
0.0
CVE-2026-31725 - usb: gadget: f_ecm: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbindβ¦
0.0
CVE-2026-31724 - usb: gadget: f_eem: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbindβ¦
0.0
CVE-2026-31723 - usb: gadget: f_subset: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbβ¦
0.0
CVE-2026-31722 - usb: gadget: f_rndis: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbiβ¦
0.0
CVE-2026-31721 - usb: gadget: f_hid: move list and spinlock inits from bind to alloc
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLL_CTL_ADD - unbind the UDC - bind tβ¦
0.0
CVE-2026-31720 - usb: gadget: f_uac1_legacy: validate control request size
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-coβ¦
0.0
CVE-2026-31715 - f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:β¦
0.0
CVE-2026-31714 - f2fs: fix to avoid memory leak in f2fs_rename()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dump (first 16 bytes):β¦