VDB
CVE-2026-31606
CVE-2026-31606
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg* device is still opened. This obviously unsafe behavior like oopes. This fixes this by using cdev_alloc to put the cdev on the heap. That way, we can simply allocate a new one in hidg_bind.
EPSS 0.02% · 3.3th percentile
Risk Scores
EPSS Score
0.02%
3.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 0, 0, 0 |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 6.12.83 |
Exploit Intelligence
- https://git.kernel.org/stable/c/c6c0d13db5d0f8d465eabc14bd23d2b6a7247a43 (circl)
- https://git.kernel.org/stable/c/eb6ef6185f2054a341ec70d7e2165f5381744215 (circl)
- https://git.kernel.org/stable/c/5a229016ca3ac551294ec59770be9da94ec4bf63 (circl)
- https://git.kernel.org/stable/c/75ecc46828ec377dd5692c677168ef6d64fd7123 (circl)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 Security Advisory
- Apr 27, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/c6c0d13db5d0f8d465eabc14bd23d2b6a7247a43 url
- https://git.kernel.org/stable/c/eb6ef6185f2054a341ec70d7e2165f5381744215 url
- https://git.kernel.org/stable/c/5a229016ca3ac551294ec59770be9da94ec4bf63 url
- https://git.kernel.org/stable/c/75ecc46828ec377dd5692c677168ef6d64fd7123 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31606 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory