CVE-2026-31606 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-31606 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg* device is still opened. This obviously unsafe behavior like oopes. This fixes this by using cdev_alloc to put the cdev on the heap. That way, we can simply allocate a new one in hidg_bind.

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0, 0, 0
Linux	Linux	6.18.24, 6.19.14, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

Apr 24, 2026 CVE Published
Apr 24, 2026 Security Advisory
Apr 27, 2026 Security Advisory
Apr 29, 2026 CVE Updated

References

Open in Interactive Console →