PT-2026-36389 · Linux · Linux Kernel

Published 2026-05-01 · Updated 2026-05-22 · CVE-2026-31754

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A state inconsistency occurs in the cdns3 USB driver when cdns3_gadget_start() fails. In this scenario, the Dual-Role Device (DRD) hardware remains in gadget mode while the software state is marked as INACTIVE. If a user attempts to switch to host mode via the sysfs endpoint '/sys/class/usb_role/13180000.usb-role-switch/role', the cdns_role_stop() function skips the necessary cleanup because the state is still INACTIVE. This violation of the DRD controller design specification can lead to a synchronous external abort in the xhci_gen_setup() function during host controller setup.

Recommendations

Apply the fix that implements a call to the cdns_drd_gadget_off() function in the error path to ensure the DRD gadget state is properly cleaned up.
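
The sequence described above, as an added user-space model (not the kernel's code and not the upstream patch): it tracks the hardware mode and the software role state separately, and shows why cleanup in the failed-start path is what keeps the later host switch safe. All model_* names and the enums are hypothetical, and the model assumes host setup fails whenever the hardware is not idle, returning -1 where the real driver hits the abort.

```c
#include <stdbool.h>

/* Simplified model of the DRD role logic; every name here is hypothetical. */
enum hw_mode { HW_IDLE, HW_GADGET, HW_HOST };
enum role_state { ROLE_INACTIVE, ROLE_ACTIVE };
struct model_cdns { enum hw_mode hw; enum role_state state; bool fixed; };

/* Stands in for cdns_drd_gadget_off(): returns the DRD hardware to idle. */
static void model_gadget_off(struct model_cdns *c) { c->hw = HW_IDLE; }

/* Gadget start: hardware enters gadget mode first, then init may fail. */
static int model_gadget_start(struct model_cdns *c, bool init_fails)
{
    c->hw = HW_GADGET;
    if (init_fails) {
        if (c->fixed)
            model_gadget_off(c);   /* the recommended error-path cleanup */
        return -1;                 /* software state stays ROLE_INACTIVE */
    }
    c->state = ROLE_ACTIVE;
    return 0;
}

/* Stands in for cdns_role_stop(): cleanup only runs for an active role. */
static void model_role_stop(struct model_cdns *c)
{
    if (c->state == ROLE_INACTIVE)
        return;                    /* nothing believed active: no cleanup */
    model_gadget_off(c);
    c->state = ROLE_INACTIVE;
}

/* Host start: assumed to fault (-1) if the hardware is not idle. */
static int model_host_start(struct model_cdns *c)
{
    if (c->hw != HW_IDLE)
        return -1;
    c->hw = HW_HOST;
    c->state = ROLE_ACTIVE;
    return 0;
}

/* Gadget start (optionally failing), then a role switch to host. */
int model_gadget_then_host(bool fixed, bool init_fails)
{
    struct model_cdns c = { HW_IDLE, ROLE_INACTIVE, fixed };
    model_gadget_start(&c, init_fails);
    model_role_stop(&c);
    return model_host_start(&c);
}
```

Only the combination of a failed gadget start and no error-path cleanup leaves the model with hardware in gadget mode and state INACTIVE, which is the mismatch the description refers to.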

Fix

Related Identifiers

CVE-2026-31754
ECHO-8321-D172-CE83
OESA-2026-2416

Affected Products

Linux Kernel