CVE-2026-31721 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits fr

CVE

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits fr

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLL_CTL_ADD - unbind the UDC - bind the UDC - use the fd in EPOLL_CTL_DEL When CONFIG_DEBUG_LIST was enabled, a list_del corruption was reported within remove_wait_queue (via ep_remove_wait_queue). After some debugging I found out that the queues, which f_hid registers via poll_wait were the problem. These were initialized using init_waitqueue_head inside hidg_bind.

So effectively, the bind function re-initialized the queues while there were still items in them. The solution is to move the initialization from hidg_bind to hidg_alloc to extend their lifetimes to the lifetime of the function instance. Additionally, I found many other possibly problematic init calls in the bind function, which I moved as well.

MEDIUM · CVSS 5.5 EPSS 0.00015

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

8

linux kernel>= 3.19 and < 5.10.253
linux kernel>= 5.11 and < 5.15.203
linux kernel>= 5.16 and < 6.1.169
linux kernel>= 6.2 and < 6.6.135
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD01 May 2026 · 03:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

⚑

Vendor Advisories

1

msrcCVE-2026-31721

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/13440c0db227c5db01da751ed966dde4cdd2ea18Patch

https://git.kernel.org/stable/c/26a879a41ed960b3fb4ec773ef2788c515c0e488Patch

https://git.kernel.org/stable/c/4e0a88254ad59f6c53a34bf5fa241884ec09e8b2Patch

https://git.kernel.org/stable/c/5d1bb391ceeebb28327703dd07af8c6324af298fPatch

https://git.kernel.org/stable/c/81aee4500055876883658b024b6fb61801afe134Patch

https://git.kernel.org/stable/c/8ec6a58586f195a88479edcdb0b8027c39f12d03Patch

Show all 8 references

https://git.kernel.org/stable/c/de93e0862169b5539e00c2b9980b93fd80c37c0dPatch

https://git.kernel.org/stable/c/f7d00ee1c8082c8a134340aaf16d71a27e29c362Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin