U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-31728 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop() leads to a NULL pointer dereference. Specifically, if eth_stop() is triggered concurrently while gether_disconnect() is tearing down the endpoints, eth_stop() attempts to access the cleared endpoint descriptor, causing the following NPE: Unable to handle kernel NULL pointer dereference Call trace: __dwc3_gadget_ep_enable+0x60/0x788 dwc3_gadget_ep_enable+0x70/0xe4 usb_ep_enable+0x60/0x15c eth_stop+0xb8/0x108 Because eth_stop() crashes while holding the dev->lock, the thread running gether_disconnect() fails to acquire the same lock and spins forever, resulting in a hardlockup: Core - Debugging Information for Hardlockup core(7) Call trace: queued_spin_lock_slowpath+0x94/0x488 _raw_spin_lock+0x64/0x6c gether_disconnect+0x19c/0x1e8 ncm_set_alt+0x68/0x1a0 composite_setup+0x6a0/0xc50 The root cause is that the clearing of dev->port_usb in gether_disconnect() is delayed until the end of the function. Move the clearing of dev->port_usb to the very beginning of gether_disconnect() while holding dev->lock. This cuts off the link immediately, ensuring eth_stop() will see dev->port_usb as NULL and safely bail out.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/6ad77458637b78ec655e3da5f112c862e6690a9d kernel.org Patch 
https://git.kernel.org/stable/c/8ff689edfeceb5e3ec1623e09af2b2aa0f1098a8 kernel.org Patch 
https://git.kernel.org/stable/c/a259ba0bce3b192c04334499690372a250f7d0b1 kernel.org Patch 
https://git.kernel.org/stable/c/bbb09bb89ffa571475f66daca9482b974cd29d6a kernel.org Patch 
https://git.kernel.org/stable/c/e1e7a66584bf0aff3becb73c19fa31527889fc9e kernel.org Patch 
https://git.kernel.org/stable/c/e1eabb072c75681f78312c484ccfffb7430f206e kernel.org Patch 
https://git.kernel.org/stable/c/f02980594deef751e42133714aee25228f1494c6 kernel.org Patch 
https://git.kernel.org/stable/c/f6813c2b2ae78def76b69e0f9d72f80e4a1c4aca kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-31728
NVD Published Date:
05/01/2026
NVD Last Modified:
05/07/2026
Source:
kernel.org