CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: legacy: ncm: Fix NPE in gncm_bind<br /> <br /> Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle<br /> with bind/unbind") deferred the allocation of the net_device. This<br /> change leads to a NULL pointer dereference in the legacy NCM driver as<br /> it attempts to access the net_device before it&amp;#39;s fully instantiated.<br /> <br /> Store the provided qmult, host_addr, and dev_addr into the struct<br /> ncm_opts-&gt;net_opts during gncm_bind(). These values will be properly<br /> applied to the net_device when it is allocated and configured later in<br /> the binding process by the NCM function driver.