CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the cdnspgadgetinit and cdnspgadgetexit functions, the gadget structure pdev-gadget was freed before its endpoints. The endpoints are...

5.6AI score0.00161EPSS

Exploits0References1

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed deadlock issue when using the NCM gadget The cdns3 driver suffers from the same deadlock issue as fixed in cdnsp with the commit 58f2fcb3a845 „usb: cdnsp: Fixed deadlock issue during use of the NCM gadget”. Unde...

5.5CVSS6.1AI score0.00128EPSS

AstraLinux•added 6 days ago•11 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: usb: cdns3 – Fix for use-after-free at workaround 2 BUG: KFENCE – Use-after-free during read operation in listdelentryvalid+0x10/0xac The code snippet is as follows: c cdns3wa2removeoldrequest … kfreeprivreq-request.buf;...

7.8CVSS6.2AI score0.00159EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-45911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However,...

5.5CVSS5.8AI score0.00206EPSS

SUSE CVE•added 2026/05/28 3:56 a.m.•7 views

SUSE CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

EUVD•added 2026/05/27 3:33 p.m.•10 views

EUVD-2026-32377

NVD•added 2026/05/27 2:17 p.m.•10 views

Exploits0References8

CVE-2026-45911

5.5CVSS0.00206EPSS

Exploits0References7

OSV•added 2026/05/27 2:17 p.m.•5 views

UBUNTU-CVE-2026-45911

5.5CVSS5.7AI score0.00206EPSS

CVE•added 2026/05/27 12:17 p.m.•16 views

CVE-2026-45911

CVE-2026-45911 affects the Linux kernel USB3 (cdns3) driver. When a USB role switch to host occurs during resume, the host path can dereference an uninitialized xhci-hcd device, causing a NULL pointer dereference. The fixed behavior is to skip the resume operation for the newly chosen role if a r...

5.5CVSS5.8AI score0.00206EPSS

Exploits0References7Affected Software1

Debian CVE•added 2026/05/27 12:17 p.m.•8 views

CVE-2026-45911

5.5CVSS5.7AI score0.00206EPSS

Exploits0

UbuntuCve•added 2026/05/27 12:0 a.m.•5 views

CVE-2026-45911

usb: cdns3: fix role switching during resume...

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the cdns3 USB driver’s role switching during recovery. During this process, the resume...

SUSE CVE•added 2026/05/06 1:43 a.m.•8 views

Exploits0References7

SUSE CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

5.5CVSS5.8AI score0.00123EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•10 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix for a random warning message when loading drivers Warning log: 4.141392 Unexpected gfp: 0x4 GFPDMA32. Fixing up to gfp: 0xa20 GFPATOMIC. Fix your code! 4.150340 CPU: 1 PID: 175 Comm: 1-0050 Not tainted...

7.8CVSS6AI score0.00162EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed a memory double-free issue when handling zero-length packets. Line 829: If request-complete, then: 830 – Unlock the lock of privdev. 831 – Called usbgadgetgivebackrequest&privep-endpoint, request. 833 – Lock the...

7.8CVSS5.3AI score0.00242EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: The part of the cdns set that activates the state should be placed outside the spin lock. The device may be scheduled during the resume process; therefore, this issue cannot occur in atomic operations. Since...

5.5CVSS5.2AI score0.00135EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: cdns3: fixed memory usage after freeing variables at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ‘privreq’ is actually freed during...

7.8CVSS6AI score0.00245EPSS