2 matches found
CVE-2026-10656
CVE-2026-10656 affects the MAX32xxx USB device controller driver (Zephyr MAX32 UDC), specifically udc_max32.c with compatible adi_max32_usbhs. The issue is a NULL-dereference in transfer-completion handlers: udc_event_xfer_out_done() uses net_buf_add(buf, ep_request->actlen) after buf = udc_bu...
PT-2026-55828
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description The MAX32xxx USB device controller driver drivers/usb/udc/udc max32.c, compatible adi max32 usbhs contains a flaw where it dereferences an endpoint buffer in its OUT and IN transfer-completion handlers without...