In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in...

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: legacy: ncm: Fix NPE in gncm_bind

Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle
with bind/unbind") deferred the allocation of the net_device. This
change leads to a NULL pointer dereference in the legacy NCM driver as
it attempts to access the net_device before it's fully instantiated.

Store the provided qmult, host_addr, and dev_addr into the struct
ncm_opts->net_opts during gncm_bind(). These values will be properly
applied to the net_device when it is allocated and configured later in
the binding process by the NCM function driver.

Basic information

Type
unreviewed
Severity
unknown
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Not specified
Published (advisory)
2026-05-08 15:31:28 UTC
Updated
2026-05-08 15:31:38 UTC
NVD published
2026-05-08

EPSS Score

Score Percentile
0.02% 4.13%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

References

cvelogic Threat Intelligence