CVE-2026-43421

Source
https://cve.org/CVERecord?id=CVE-2026-43421
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43421.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43421
Downstream
Published
2026-05-08T14:21:56.363Z
Modified
2026-07-15T01:48:58.925814049Z
Summary
usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: fncm: Fix netdevice lifecycle with device_move

The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems.

A prior attempt to solve this by removing SETNETDEVDEV entirely [1] was reverted due to power management ordering concerns and a NO-CARRIER regression.

A subsequent attempt to defer net_device allocation to bind [2] broke 1:1 mapping between function instance and network device, making it impossible for configfs to report the resolved interface name. This results in a regression where the DHCP server fails on pmOS.

Use devicemove to reparent the netdevice between the gadget device and /sys/devices/virtual/ across bind/unbind cycles. This preserves the network interface across USB reconnection, allowing the DHCP server to retain their binding.

Introduce getherattachgadget()/getherdetachgadget() helpers and use _free(detachgadget) macro to undo attachment on bind failure. The bindcount ensures devicemove executes only on the first bind.

[1] https://lore.kernel.org/lkml/f2a4f9847617a0929d62025748384092e5f35cce.camel@crapouillou.net/ [2] https://lore.kernel.org/linux-usb/795ea759-7eaf-4f78-81f4-01ffbf2d7961@ixit.cz/

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43421.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
40d133d7f542616cf9538508a372306e626a16e9
Fixed
7c97366f5dac5255e60a317ffe3a5b18f3745547
Fixed
36c41e9724c9a7a7cda37f5a4e9d94f25c8031c4
Fixed
93f116c3393a22acab96ad1bef12b2572eb80ca4
Fixed
e584cb58a2ea7ff4d3a4bc43d5ca512ed3ecb77d
Fixed
85acaba2f42b557499bab3608307f17bf13beb69
Fixed
ec35c1969650e7cb6c8a91020e568ed46e3551b0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43421.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.11.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43421.json"