PT-2026-27685 · Linux · Linux Kernel
Published: 2026-01-01 · Updated: 2026-04-20 · CVE-2026-23320
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel’s Network Controller Multiplexer (NCM) gadget driver has an issue where the lifecycle of the network device is not correctly aligned with the USB connection’s bind and unbind operations. Currently, the network device is allocated during configuration instance allocation and freed during instance deallocation, rather than being tied to the USB connection. This decoupling can lead to two problems: a NULL pointer dereference upon USB disconnection and dangling sysfs symbolic links. The issue occurs because the network device can outlive its parent device when the USB gadget is disconnected. The fix involves moving the network device allocation to the bind function and deallocation to the unbind function, ensuring the network interface exists only when the gadget function is bound to a configuration. To support pre-bind configuration, user-provided options are cached and applied to the network device upon creation. The fix also preserves a use-after-free fix from a previous commit.
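The lifecycle the fix describes, as an added user-space model in C. It is not kernel code and not the project's patch; every type, function and field name and the default values are hypothetical, and forwarding a write to the live device while bound is an assumption of the model.

```c
/* User-space model of the described fix; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct net_model { char ifname[16]; unsigned qmult; }; /* stands in for the network device */

struct ncm_opts_model {        /* function instance: outlives bind/unbind */
    char ifname[16];           /* cached user-provided options */
    unsigned qmult;
    struct net_model *net;     /* non-NULL only while bound */
};

void opts_init(struct ncm_opts_model *o) {
    memset(o, 0, sizeof(*o));
    strcpy(o->ifname, "usb0"); /* constructed defaults */
    o->qmult = 5;
}

/* Pre-bind configuration lands in the cache (assumption: also forwarded if bound). */
void opts_set_qmult(struct ncm_opts_model *o, unsigned q) {
    o->qmult = q;
    if (o->net) o->net->qmult = q;
}

/* Reads tolerate the unbound state instead of dereferencing a missing device. */
unsigned opts_get_qmult(const struct ncm_opts_model *o) {
    return o->net ? o->net->qmult : o->qmult;
}

int model_bind(struct ncm_opts_model *o) {
    if (o->net) return -1;                 /* already bound */
    o->net = calloc(1, sizeof(*o->net));   /* device is created at bind time */
    if (!o->net) return -2;
    memcpy(o->net->ifname, o->ifname, sizeof(o->ifname));
    o->net->qmult = o->qmult;              /* cached options applied on creation */
    return 0;
}

void model_unbind(struct ncm_opts_model *o) {
    free(o->net);                          /* device never outlives the binding */
    o->net = NULL;                         /* later accesses see "unbound" */
}

int main(void) {
    struct ncm_opts_model o;
    opts_init(&o);
    opts_set_qmult(&o, 10);                /* configured before any bind */
    model_bind(&o);
    printf("bound:   if=%s qmult=%u\n", o.net->ifname, o.net->qmult);
    model_unbind(&o);                      /* disconnect: device gone, cache kept */
    printf("unbound: net=%p qmult=%u\n", (void *)o.net, opts_get_qmult(&o));
    return 0;
}
```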
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Linux Kernel