Linux Kernel USB Gadget Function HID Device Use-After-Free Vulnerability

Vulnerability

A vulnerability in the Linux kernel's USB gadget function for HID devices can lead to a use-after-free issue. When the device is unbound and then re-bound, the character device is reinitialized, potentially while there are still active references to it. This can occur if the /dev/hidg* device is open, creating an unsafe situation that could lead to a crash. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a use-after-free condition, leading to a potential crash or memory corruption.

Reproduction

The vulnerability can be reproduced by opening a /dev/hidg* device, then unbinding and rebinding the corresponding USB gadget function. This sequence of actions will trigger the unsafe behavior, as the character device is reinitialized while still in use.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.
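
On a system that has not yet been upgraded, the precondition described under Reproduction (a process holding /dev/hidg* open while the gadget function is unbound and re-bound) can be checked for beforehand. The script below is an added example, not code from the kernel project or from this advisory; the function name hidg_open_holders and its optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list processes that still hold a /dev/hidg* node open,
# i.e. the condition under which unbind + rebind becomes unsafe.
#
# hidg_open_holders [proc_root]
#   proc_root  hypothetical override (default /proc) so the check can be
#              exercised against a constructed directory tree.
#   Prints one "pid fd target" line per matching descriptor.
#   Returns 0 when no holder exists, 1 when at least one does.
hidg_open_holders() {
    proc_root="${1:-/proc}"
    found=0
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # An unmatched glob stays literal and fd directories of other
        # users are unreadable without root; skip both cases.
        [ -L "$fd" ] || continue
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/hidg[0-9]*)
                # The kernel appends " (deleted)" once the node has been
                # unlinked; that descriptor still references the old
                # character device, so it is reported as well.
                pid=${fd#"$proc_root"/}
                pid=${pid%%/*}
                printf '%s %s %s\n' "$pid" "${fd##*/}" "$target"
                found=1
                ;;
        esac
    done
    return "$found"
}
```

Run it as root so that descriptors of other users' processes are visible. A non-zero return means the unbind/rebind should wait until the listed processes have closed the device.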

Added: Apr 24, 2026, 5:49 PM
Updated: Apr 24, 2026, 5:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.