CVE-2026-31727

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS: 2.4%
Published May 1, 2026 · Last Modified Jun 19, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo

Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with device_move") reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget pointer. If the userspace tool queries on the surviving interface during this detached window, this leads to a NULL pointer dereference.

    Unable to handle kernel NULL pointer dereference
    Call trace:
     eth_get_drvinfo+0x50/0x90
     ethtool_get_drvinfo+0x5c/0x1f0
     __dev_ethtool+0xaec/0x1fe0
     dev_ethtool+0x134/0x2e0
     dev_ioctl+0x338/0x560

Add a NULL check for dev->gadget in eth_get_drvinfo(). When detached, skip copying the fw_version and bus_info strings, which is natively handled by ethtool_get_drvinfo for empty strings.
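The guard described above, modelled in userspace C as an added example (not the kernel's code and not the actual patch). Every `model_` struct and function, the field sizes and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel structures (assumed layout). */
struct model_gadget { const char *name; const char *dev_name; };
struct model_eth_dev { struct model_gadget *gadget; /* NULL while detached */ };
struct model_drvinfo {
    char driver[32];
    char version[32];
    char fw_version[32];
    char bus_info[32];
};

/* Bounded copy that always NUL-terminates (stand-in for a kernel string copy). */
static void model_copy(char *dst, const char *src, size_t size)
{
    snprintf(dst, size, "%s", src);
}

/*
 * Patched shape of the callback: fields that do not depend on the gadget
 * are always filled; gadget-derived strings are copied only when the
 * pointer is set. Returns 1 if gadget strings were copied, 0 if the
 * device was detached and they were left empty.
 */
int model_get_drvinfo(const struct model_eth_dev *dev, struct model_drvinfo *p)
{
    memset(p, 0, sizeof(*p));  /* skipped fields stay empty strings */
    model_copy(p->driver, "model_driver", sizeof(p->driver));   /* constructed */
    model_copy(p->version, "model_version", sizeof(p->version)); /* constructed */
    if (!dev->gadget)          /* detached window: nothing to dereference */
        return 0;
    model_copy(p->fw_version, dev->gadget->name, sizeof(p->fw_version));
    model_copy(p->bus_info, dev->gadget->dev_name, sizeof(p->bus_info));
    return 1;
}

int main(void)
{
    struct model_gadget g = { "sample-udc", "gadget.0" };  /* constructed */
    struct model_eth_dev attached = { &g }, detached = { NULL };
    struct model_drvinfo info;

    printf("attached: %d\n", model_get_drvinfo(&attached, &info));
    printf("detached: %d fw_version='%s'\n",
           model_get_drvinfo(&detached, &info), info.fw_version);
    return 0;
}
```

Without the `if (!dev->gadget)` guard, the detached call would read through a NULL pointer, which is the crash in the call trace above.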

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.12.78 – <6.12.81
linux    linux_kernel   *         ≥6.18.19 – <6.18.22
linux    linux_kernel   *         ≥6.19.9 – <6.19.12
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/0326429e8ba99892e1d1e115dc8e88e1a3b64e24
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7de4d46be40738c7e48e64b5cc0a34aa1e047b0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fce959e9be3bf63bb0fdf4b05f9cc42cb289fe2
  • git.kernel.org https://git.kernel.org/stable/c/a36e5e800b9c93e3e1ffa42f34d38b36775dbcee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e002e92e88e12457373ed096b18716d97e7bbb20
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9f987472f4b8ab177be2b6492a59278ed969479

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0326429e8ba99892e1d1e115dc8e88e1a3b64e24
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7de4d46be40738c7e48e64b5cc0a34aa1e047b0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a36e5e800b9c93e3e1ffa42f34d38b36775dbcee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e002e92e88e12457373ed096b18716d97e7bbb20
    Patch