CVE-2026-31754

Published: May 1, 2026 · Updated: May 1, 2026

EPSS: 0.03% probability of exploitation in 30 days · Percentile: 8.6th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: gadget: fix state inconsistency on gadget init failure

When cdns3_gadget_start() fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency.

When switching to host mode via sysfs:

    echo host > /sys/class/usb_role/13180000.usb-role-switch/role

The role state is not set to CDNS_ROLE_STATE_ACTIVE due to the error, so cdns_role_stop() skips cleanup because state is still INACTIVE. This violates the DRD controller design specification (Figure22), which requires returning to idle state before switching roles.

This leads to a synchronous external abort in xhci_gen_setup() when setting up the host controller:

    [ 516.440698] configfs-gadget 13180000.usb: failed to start g1: -19
    [ 516.442035] cdns-usb3 13180000.usb: Failed to add gadget
    [ 516.443278] cdns-usb3 13180000.usb: set role 2 has failed
    ...
    [ 1301.375722] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
    [ 1301.377716] Internal error: synchronous external abort: 96000010 [#1] PREEMPT SMP
    [ 1301.382485] pc : xhci_gen_setup+0xa4/0x408
    [ 1301.393391] backtrace:
    ...
    xhci_gen_setup+0xa4/0x408 <-- CRASH
    xhci_plat_setup+0x44/0x58
    usb_add_hcd+0x284/0x678
    ...
    cdns_role_set+0x9c/0xbc <-- Role switch

Fix by calling cdns_drd_gadget_off() in the error path to properly clean up the DRD gadget state.
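A triage check for the log pattern quoted in the description above, written as an added example that is not part of the advisory or the kernel patch. It scans dmesg text for a cdns-usb3 gadget-start failure followed later by a synchronous external abort in xhci_gen_setup; the function name, regexes and Finding tuple are assumptions, and because the abort message does not name the controller the correlation is a heuristic.

```python
import re
from collections import namedtuple

# Constructed input: the dmesg lines quoted in the description, embedded inline.
SAMPLE_DMESG = """\
[  516.440698] configfs-gadget 13180000.usb: failed to start g1: -19
[  516.442035] cdns-usb3 13180000.usb: Failed to add gadget
[  516.443278] cdns-usb3 13180000.usb: set role 2 has failed
[ 1301.375722] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
[ 1301.377716] Internal error: synchronous external abort: 96000010 [#1] PREEMPT SMP
[ 1301.382485] pc : xhci_gen_setup+0xa4/0x408
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Driver messages that mark the failed gadget start on a cdns-usb3 device.
ROLE_FAIL = re.compile(r"^cdns-usb3 (\S+): (?:Failed to add gadget|set role \d+ has failed)")
ABORT = re.compile(r"synchronous external abort")
CRASH_PC = re.compile(r"^pc : xhci_gen_setup\+")

Finding = namedtuple("Finding", "device failed_at crashed_at")


def find_cdns3_role_crash(dmesg_text):
    """Return a Finding for each cdns-usb3 device whose gadget start failed
    before a synchronous external abort with pc in xhci_gen_setup."""
    failed = {}       # device -> timestamp of its first failure message
    abort_ts = None   # timestamp of the most recent abort banner
    findings = []
    for raw in dmesg_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        fail = ROLE_FAIL.match(msg)
        if fail:
            failed.setdefault(fail.group(1), ts)
        elif ABORT.search(msg):
            abort_ts = ts
        elif CRASH_PC.match(msg) and abort_ts is not None:
            # Abort confirmed in xhci_gen_setup: report every device left
            # with a failed gadget start, then reset for the next boot/crash.
            findings.extend(Finding(d, t, abort_ts) for d, t in failed.items())
            failed.clear()
            abort_ts = None
    return findings


if __name__ == "__main__":
    for f in find_cdns3_role_crash(SAMPLE_DMESG):
        print(f"{f.device}: gadget start failed at {f.failed_at}, abort at {f.crashed_at}")
```

An abort in xhci_gen_setup with no earlier cdns-usb3 failure produces no finding, so unrelated xHCI crashes are not attributed to this bug.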

NVD Source

Technical Analysis

CVE-2026-31754 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-31754
Severity: NONE
CISA KEV: No
EPSS (30d): 0.03%
Published: May 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31754 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.