Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
When the gadget endpoint is disabled or not yet configured, the ep->desc
pointer can be NULL. This leads to a NULL pointer dereference when
__cdns3_gadget_ep_queue() is called, causing a kernel crash.
Add a check to return -ESHUTDOWN if ep->desc is NULL, which is the
standard return code for unconfigured endpoints.
This prevents potential crashes when ep_queue is called on endpoints
that are not ready.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1264071 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue May 5 15:28:37 2026CVE page last modified: Fri May 8 12:08:52 2026