Main Vulnerability Database SB2026011418

SB2026011418 - Use-after-free in Linux kernel gadget function driver

Published: January 14, 2026

Security Bulletin ID SB2026011418

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2025-71074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ffs_ep0_read(), ffs_epfile_io(), ffs_dmabuf_put() and ffs_epfiles_create() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/b49c766856fb5901490de577e046149ebf15e39d
https://git.kernel.org/stable/c/e5bf5ee266633cb18fff6f98f0b7d59a62819eee