In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_hid: don't call cdev_init while cdev in use
When calling unbind, then bind again, cdev_init reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg* device is still opened. This obviously causes unsafe behavior like oopses.
This fixes this by using cdev_alloc to put the cdev on the heap. That way, we can simply allocate a new one in hidg_bind.
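A simplified userspace model of the lifetime problem described above, added here as an illustration; it is not kernel code and not the f_hid patch. `struct model_cdev` and the `model_*` helpers are hypothetical stand-ins for `struct cdev`, `cdev_init`, `cdev_alloc` and the reference count the kernel keeps on a cdev.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct cdev: only the reference count is modelled. */
struct model_cdev { int refs; int released; };

/* Like cdev_init(): wipes the object in place and starts at one reference. */
static void model_init(struct model_cdev *c) { memset(c, 0, sizeof(*c)); c->refs = 1; }

/* Like cdev_alloc(): a fresh heap object with its own reference count. */
static struct model_cdev *model_alloc(void) {
    struct model_cdev *c = calloc(1, sizeof(*c));
    if (c) c->refs = 1;
    return c;
}

static void model_get(struct model_cdev *c) { c->refs++; }
static void model_put(struct model_cdev *c) { if (--c->refs == 0) c->released = 1; }

/* Embedded cdev, re-initialised on every bind. Returns 1 if the object is
 * released while the second bind still owns it. */
int embedded_released_while_bound(void) {
    struct model_cdev cdev;
    model_init(&cdev);   /* bind #1 */
    model_get(&cdev);    /* /dev/hidg* opened and kept open */
    model_put(&cdev);    /* unbind drops the gadget's reference */
    model_init(&cdev);   /* bind #2 wipes the live object; the opener's reference is forgotten */
    model_put(&cdev);    /* opener closes: count reaches zero */
    return cdev.released;
}

/* Heap-allocated cdev, a new one per bind. Returns 0 if lifetimes stay separate. */
int heap_released_while_bound(void) {
    struct model_cdev *old = model_alloc();   /* bind #1 */
    struct model_cdev *cur;
    if (!old) return -1;
    model_get(old);                           /* open */
    model_put(old);                           /* unbind */
    cur = model_alloc();                      /* bind #2: old object untouched */
    if (!cur) { free(old); return -1; }
    model_put(old);                           /* opener closes: only old is released */
    int bad = cur->released || !old->released || cur->refs != 1;
    free(old); free(cur);
    return bad;
}

int main(void) {
    printf("embedded: %d, heap: %d\n", embedded_released_while_bound(), heap_released_while_bound());
    return 0;
}
```

In the embedded case the second initialisation discards the opener's reference, so the later close releases an object the new bind still depends on; with one allocation per bind the two lifetimes never share a counter.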
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31606.json",
"cna_assigner": "Linux"
}