VDB

CVE-2026-31755

CVE-2026-31755 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in ep_queue When the gadget endpoint is disabled or not yet configured, the ep->desc pointer can be NULL. This leads to a NULL pointer dereference when __cdns3_gadget_ep_queue() is called, causing a kernel crash. Add a check to return -ESHUTDOWN if ep->desc is NULL, which is the standard return code for unconfigured endpoints. This prevents potential crashes when ep_queue is called on endpoints that are not ready.

EPSS 0.01% · 2.4th percentile

Risk Scores

EPSS Score
0.01%
2.4th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel5.4, 5.4, 5.4
LinuxLinux7733f6c32e36ff9d7adadf40001039bf219b1cbe, 7733f6c32e36ff9d7adadf40001039bf219b1cbe, 7733f6c32e36ff9d7adadf40001039bf219b1cbe

Timeline

  • May 1, 2026 CVE Published
  • May 8, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›