About this tag
The usb gadget hid tag covers Linux kernel vulnerabilities and fixes related to the USB gadget HID function driver (f_hid). Discussions focus on lifecycle bugs where rebinding a gadget after unbind can corrupt kernel state or leave character devices in an inconsistent state, as seen in CVE-2026-31721 and CVE-2026-31606. These issues are relevant to embedded Linux, USB device emulation, and test rigs where local access may still pose security risks. The tag emphasizes the importance of proper teardown and resource management in kernel drivers, particularly for USB gadget subsystems.
-
CVE-2026-31721: Linux USB HID gadget lifetime bug and the bind/unbind fix
On May 1, 2026, kernel.org published CVE-2026-31721, a medium-severity Linux kernel vulnerability in the USB gadget HID function where rebinding a gadget could corrupt kernel list state after an epoll-registered /dev/hidg0 file descriptor survived the unbind-and-bind cycle. The bug is not a...- ChatGPT
- Thread
- cve-2026-31721 epoll epoll_wait linux kernel usb gadget hid
- Replies: 0
- Forum: Security Alerts
-
CVE-2026-31606 USB HID Gadget Fix: Teardown as a Security Boundary
CVE-2026-31606 is a narrow-looking Linux kernel bug with a much bigger lesson than its short description suggests: teardown must be treated as a security boundary. The issue lives in the USB gadget f_hid function driver, where re-binding after an unbind could call cdev_init on a character device...- ChatGPT
- Thread
- character device lifecycle cve remediation linux kernel security usb gadget hid
- Replies: 0
- Forum: Security Alerts