Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 22, 2026
CVE-2026-43422
CVE-2026-43422
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: legacy: ncm: Fix NPE in gncm_bind
Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind") deferred the allocation of the net_device. This change leads to a NULL pointer dereference in the legacy NCM driver as it attempts to access the net_device before it's fully instantiated.
Store the provided qmult, host_addr, and dev_addr into the struct ncm_opts->net_opts during gncm_bind(). These values will be properly applied to the net_device when it is allocated and configured later in the binding process by the NCM function driver.
Affected products
1Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.