{"id":"CVE-2026-31755","summary":"usb: cdns3: gadget: fix NULL pointer dereference in ep_queue","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: fix NULL pointer dereference in ep_queue\n\nWhen the gadget endpoint is disabled or not yet configured, the ep-\u003edesc\npointer can be NULL. This leads to a NULL pointer dereference when\n__cdns3_gadget_ep_queue() is called, causing a kernel crash.\n\nAdd a check to return -ESHUTDOWN if ep-\u003edesc is NULL, which is the\nstandard return code for unconfigured endpoints.\n\nThis prevents potential crashes when ep_queue is called on endpoints\nthat are not ready.","modified":"2026-05-18T05:59:54.762237069Z","published":"2026-05-01T14:14:46.288Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31755.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/14bf08ab2cdfcdfd3f13e799d06692a1b3e0745f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/390536cc6af4ca5566bc3bf1f8b704700380cd2c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d1433fe34b224b90259e207e5389e95b504ef04"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7f6f127b9bc34bed35f56faf7ecb1561d6b39000"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ab9b0e5fcdac325f950fc8b6caa08a9e22a0db9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d61446dfc9d387775bb1b95b081953201b9222af"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fb2ad0c1334a3eccfe4ed203f9eef5a4879226f6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31755.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31755"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7733f6c32e36ff9d7adadf40001039bf219b1cbe"},{"fixed":"3d1433fe34b224b90259e207e5389e95b504ef04"},{"fixed":"fb2ad0c1334a3eccfe4ed203f9eef5a4879226f6"},{"fixed":"9ab9b0e5fcdac325f950fc8b6caa08a9e22a0db9"},{"fixed":"d61446dfc9d387775bb1b95b081953201b9222af"},{"fixed":"390536cc6af4ca5566bc3bf1f8b704700380cd2c"},{"fixed":"14bf08ab2cdfcdfd3f13e799d06692a1b3e0745f"},{"fixed":"7f6f127b9bc34bed35f56faf7ecb1561d6b39000"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31755.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.4.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31755.json"}}],"schema_version":"1.7.5"}