CVE-2026-31755

When the gadget endpoint is disabled or not yet configured, the ep->desc pointer can be NULL. This leads to a NULL pointer dereference when _cdns3gadgetepqueue() is called, causing a kernel crash.

Add a check to return -ESHUTDOWN if ep->desc is NULL, which is the standard return code for unconfigured endpoints.

This prevents potential crashes when ep_queue is called on endpoints that are not ready.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31755.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7733f6c32e36ff9d7adadf40001039bf219b1cbe

Fixed

3d1433fe34b224b90259e207e5389e95b504ef04

Fixed

fb2ad0c1334a3eccfe4ed203f9eef5a4879226f6

Fixed

9ab9b0e5fcdac325f950fc8b6caa08a9e22a0db9

Fixed

d61446dfc9d387775bb1b95b081953201b9222af

Fixed

390536cc6af4ca5566bc3bf1f8b704700380cd2c

Fixed

14bf08ab2cdfcdfd3f13e799d06692a1b3e0745f

Fixed

7f6f127b9bc34bed35f56faf7ecb1561d6b39000

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31755.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.15.203

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.168

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.134

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.81

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.22

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.12

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31755.json"