Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Cadence USB3 Gadget NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's USB Cadence 3.0 gadget driver. This issue occurs when a gadget endpoint is disabled or not yet configured, leading to a crash in the kernel. The vulnerability arises because the endpoint's descriptor pointer can be NULL, causing a dereference error when the endpoint queueing function is called. The problem has been addressed by adding a check to return an appropriate error code for unconfigured endpoints, preventing crashes when the queueing function is called on endpoints that are not ready.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by disabling a gadget endpoint or using one that is not yet configured. When the endpoint queueing function is called in this state, the kernel will crash due to the NULL pointer dereference.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository.

Added: May 1, 2026, 4:35 PM
Updated: May 1, 2026, 4:35 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.9
remediation
7.7
relevance
7.2
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.