CVE-2026-43422

UNKNOWN 0.0

usb: legacy: ncm: Fix NPE in gncm_bind

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind") deferred the allocation of the net_device. This change leads to a NULL pointer dereference in the legacy NCM driver as it attempts to access the net_device before it's fully instantiated. Store the provided qmult, host_addr, and dev_addr into the struct ncm_opts->net_opts during gncm_bind(). These values will be properly applied to the net_device when it is allocated and configured later in the binding process by the NCM function driver.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

b62076e780a2121903ecf9ffdfb89c64647cb7da < be5738d19bed244ede84da45bc45395bcb1d99e0 188338c1827842f898761a939669cf345bdf07e2 < b23e86a3a15803c3dcb24701285f73e65099fdf9 56a512a9b4107079f68701e7d55da8507eb963d9 < fde0634ad9856b3943a2d1a8cc8de174a63ac840

Linux / Linux

6.18.17 < 6.18.19 6.19.7 < 6.19.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/be5738d19bed244ede84da45bc45395bcb1d99e0 git.kernel.org: https://git.kernel.org/stable/c/b23e86a3a15803c3dcb24701285f73e65099fdf9 git.kernel.org: https://git.kernel.org/stable/c/fde0634ad9856b3943a2d1a8cc8de174a63ac840