-

CVE-2026-43424

EPSS 0.03%
Veröffentlicht 08.05.2026 14:21:58
Zuletzt bearbeitet 12.05.2026 14:10:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling

The `tpg->tpg_nexus` pointer in the USB Target driver is dynamically
managed and tied to userspace configuration via ConfigFS. It can be
NULL if the USB host sends requests before the nexus is fully
established or immediately after it is dropped.

Currently, functions like `bot_submit_command()` and the data
transfer paths retrieve `tv_nexus = tpg->tpg_nexus` and immediately
dereference `tv_nexus->tvn_se_sess` without any validation. If a
malicious or misconfigured USB host sends a BOT (Bulk-Only Transport)
command during this race window, it triggers a NULL pointer
dereference, leading to a kernel panic (local DoS).

This exposes an inconsistent API usage within the module, as peer
functions like `usbg_submit_command()` and `bot_send_bad_response()`
correctly implement a NULL check for `tv_nexus` before proceeding.

Fix this by bringing consistency to the nexus handling. Add the
missing `if (!tv_nexus)` checks to the vulnerable BOT command and
request processing paths, aborting the command gracefully with an
error instead of crashing the system.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 14

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < b9b26d7f3aa288cfa54a7bc68612bab1f153f156

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < 2a2ef846a54a06c33b5c2d4b0d918583e1e7c0b7

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < d146f27758049fa55ae4c53785a852d3cf7a18d6

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < f962ca3b020e13d6714f27e8c36fe742441c58d1

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < 679d9535aeb15c10bce89c44102004b96624d706

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < 3d309b37633c4a847fc149939a2c9576f1aa1065

Status affected

Version c52661d60f636d17e26ad834457db333bd1df494

Version < b9fde507355342a2d64225d582dc8b98ff5ecb19

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.5

Status affected

Version 0

Version < 3.5

Status unaffected

Version <= 5.10.*

Version 5.10.253

Status unaffected

Version <= 6.1.*

Version 6.1.167

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.78

Status unaffected

Version <= 6.18.*

Version 6.18.19

Status unaffected

Version <= 6.19.*

Version 6.19.9

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b9b26d7f3aa288cfa54a7bc68612bab1f153f156

https://git.kernel.org/stable/c/2a2ef846a54a06c33b5c2d4b0d918583e1e7c0b7

https://git.kernel.org/stable/c/d146f27758049fa55ae4c53785a852d3cf7a18d6

https://git.kernel.org/stable/c/f962ca3b020e13d6714f27e8c36fe742441c58d1

https://git.kernel.org/stable/c/679d9535aeb15c10bce89c44102004b96624d706

https://git.kernel.org/stable/c/3d309b37633c4a847fc149939a2c9576f1aa1065

https://git.kernel.org/stable/c/b9fde507355342a2d64225d582dc8b98ff5ecb19

https://nvd.nist.gov/vuln/detail/CVE-2026-43424

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43424

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43424

EUVD