CVE-2026-31606

MEDIUM

usb: gadget: f_hid: don't call cdev_init while cdev in use

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg* device is still opened. This obviously unsafe behavior like oopes. This fixes this by using cdev_alloc to put the cdev on the heap. That way, we can simply allocate a new one in hidg_bind.

References (5)

Core 5

Core References

https://git.kernel.org/stable/c/c6c0d13db5d0f8d465eabc14bd23d2b6a7247a43

https://git.kernel.org/stable/c/eb6ef6185f2054a341ec70d7e2165f5381744215

https://git.kernel.org/stable/c/5a229016ca3ac551294ec59770be9da94ec4bf63

https://git.kernel.org/stable/c/75ecc46828ec377dd5692c677168ef6d64fd7123

https://git.kernel.org/stable/c/81ebd43cc0d6d106ce7b6ccbf7b5e40ca7f5503d

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (17)

Linux/Linux < 3.19

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 5a229016ca3ac551294ec59770be9da94ec4bf63

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 75ecc46828ec377dd5692c677168ef6d64fd7123

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - c6c0d13db5d0f8d465eabc14bd23d2b6a7247a43

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - eb6ef6185f2054a341ec70d7e2165f5381744215

Linux/Linux 3.19

Linux/Linux 6.12.83 - 6.12.*

Linux/Linux 6.18.24 - 6.18.*

Linux/Linux 6.19.14 - 6.19.*

Linux/Linux 7.0.1 - 7.0.*

... and 7 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026