CVE-2026-31724

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: gadget: f_eem: Fix net_device lifecycle with device_move<br /> <br /> The net_device is allocated during function instance creation and<br /> registered during the bind phase with the gadget device as its sysfs<br /> parent. When the function unbinds, the parent device is destroyed, but<br /> the net_device survives, resulting in dangling sysfs symlinks:<br /> <br /> console:/ # ls -l /sys/class/net/usb0<br /> lrwxrwxrwx ... /sys/class/net/usb0 -&gt;<br /> /sys/devices/platform/.../gadget.0/net/usb0<br /> console:/ # ls -l /sys/devices/platform/.../gadget.0/net/usb0<br /> ls: .../gadget.0/net/usb0: No such file or directory<br /> <br /> Use device_move() to reparent the net_device between the gadget device<br /> tree and /sys/devices/virtual across bind and unbind cycles. During the<br /> final unbind, calling device_move(NULL) moves the net_device to the<br /> virtual device tree before the gadget device is destroyed. On rebinding,<br /> device_move() reparents the device back under the new gadget, ensuring<br /> proper sysfs topology and power management ordering.<br /> <br /> To maintain compatibility with legacy composite drivers (e.g., multi.c),<br /> the bound flag is used to indicate whether the network device is shared<br /> and pre-registered during the legacy driver&amp;#39;s bind phase.