CVE-2026-43421

MEDIUM

usb: gadget: f_ncm: Fix net_device lifecycle with device_move

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix net_device lifecycle with device_move The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to solve this by removing SET_NETDEV_DEV entirely [1] was reverted due to power management ordering concerns and a NO-CARRIER regression. A subsequent attempt to defer net_device allocation to bind [2] broke 1:1 mapping between function instance and network device, making it impossible for configfs to report the resolved interface name. This results in a regression where the DHCP server fails on pmOS. Use device_move to reparent the net_device between the gadget device and /sys/devices/virtual/ across bind/unbind cycles. This preserves the network interface across USB reconnection, allowing the DHCP server to retain their binding. Introduce gether_attach_gadget()/gether_detach_gadget() helpers and use __free(detach_gadget) macro to undo attachment on bind failure. The bind_count ensures device_move executes only on the first bind. [1] https://lore.kernel.org/lkml/[email protected]/ [2] https://lore.kernel.org/linux-usb/[email protected]/

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (21)
linux/Kernel 3.11.0 - 6.1.176linux
linux/Kernel 6.13.0 - 6.18.19linux
linux/Kernel 6.19.0 - 6.19.9linux
linux/Kernel 6.2.0 - 6.6.143linux
linux/Kernel 6.7.0 - 6.12.78linux
Linux/Linux < 3.11
Linux/Linux 3.11
Linux/Linux 40d133d7f542616cf9538508a372306e626a16e9 - 36c41e9724c9a7a7cda37f5a4e9d94f25c8031c4
Linux/Linux 40d133d7f542616cf9538508a372306e626a16e9 - 7c97366f5dac5255e60a317ffe3a5b18f3745547
Linux/Linux 40d133d7f542616cf9538508a372306e626a16e9 - 85acaba2f42b557499bab3608307f17bf13beb69
... and 11 more
Published May 08, 2026
Tracked Since May 08, 2026