In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: fncm: Fix netdevice lifecycle with device_move
The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems.
A prior attempt to solve this by removing SETNETDEVDEV entirely [1] was reverted due to power management ordering concerns and a NO-CARRIER regression.
A subsequent attempt to defer net_device allocation to bind [2] broke 1:1 mapping between function instance and network device, making it impossible for configfs to report the resolved interface name. This results in a regression where the DHCP server fails on pmOS.
Use devicemove to reparent the netdevice between the gadget device and /sys/devices/virtual/ across bind/unbind cycles. This preserves the network interface across USB reconnection, allowing the DHCP server to retain their binding.
Introduce getherattachgadget()/getherdetachgadget() helpers and use _free(detachgadget) macro to undo attachment on bind failure. The bindcount ensures devicemove executes only on the first bind.
[1] https://lore.kernel.org/lkml/f2a4f9847617a0929d62025748384092e5f35cce.camel@crapouillou.net/ [2] https://lore.kernel.org/linux-usb/795ea759-7eaf-4f78-81f4-01ffbf2d7961@ixit.cz/
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43421.json",
"cna_assigner": "Linux"
}