CVE-2026-31727
NULL Pointer Dereference in Linux Kernel USB Gadget
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB gadget subsystem, specifically in the u_ether driver. It occurs because after a gadget device is unbound and reparented to a different location in the device hierarchy, a userspace tool querying the network interface during this detached state can trigger a NULL pointer dereference.
The issue arises when the eth_get_drvinfo function attempts to access the gadget pointer, which may be NULL during this window, leading to a kernel crash. The fix involves adding a NULL check for the gadget pointer in eth_get_drvinfo to safely skip copying certain strings when the device is detached.
How can this vulnerability impact me? :
This vulnerability can cause a kernel NULL pointer dereference, which typically results in a kernel crash or system instability. If exploited or triggered, it could lead to denial of service by crashing the affected system or device running the vulnerable Linux kernel.