CVE-2026-31606 in Linux情報

要約

〜によって MITRE • 2026年04月24日

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_hid: don't call cdev_init while cdev in use

When calling unbind, then bind again, cdev_init reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg* device is still opened. This obviously unsafe behavior like oopes.

This fixes this by using cdev_alloc to put the cdev on the heap. That way, we can simply allocate a new one in hidg_bind.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Linux

予約する

2026年03月09日

公開

2026年04月24日

モデレーション

承諾済み

エントリ

VDB-359436

CPE

準備完了

CWE

CWE-122 (確認済み)

CVSS

8.0 (VulDB)

EPSS

0.00015

KEV

いいえ

アクティビティ

非常低い

セクター

Pharma, Energy, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31606
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31606
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31606/

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!