CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of ‘privep’ assignment in cdns3gadgetepdequeue, cdns3gadgetepenable If ‘ep’ is NULL, the result of eptocdns3epep is an invalid pointer. Dereferencing ‘privep-cdns3dev’ with this pointer may cause a panic...

5.5CVSS5.5AI score0.00155EPSS

Exploits0References2

Tenable Nessus•added 2026/05/02 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state...

5.5CVSS5.8AI score0.00123EPSS

Exploits0References4

Tenable Nessus•added 2026/05/02 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This...

5.5CVSS5.8AI score0.00123EPSS

Exploits0References4

RedhatCVE•added 2026/05/01 10:24 p.m.•7 views

CVE-2026-31755

A flaw was found in the Linux kernel's cdns3 USB gadget driver. When a gadget endpoint is disabled or not yet configured, a NULL pointer dereference can occur in the epqueue function. This can lead to a kernel crash, resulting in a denial of service DoS on the affected system...

5.5CVSS5.8AI score0.00123EPSS

Exploits0References4

RedhatCVE•added 2026/05/01 10:17 p.m.•7 views

CVE-2026-31754

A flaw was found in the Linux kernel's USB subsystem, specifically within the cdns3 gadget driver. A local user could exploit this vulnerability by attempting to switch the USB role to host mode after a gadget initialization failure. This state inconsistency can lead to a system crash, resulting ...

5.5CVSS5.8AI score0.00123EPSS

Exploits0References4

NVD•added 2026/05/01 3:16 p.m.•4 views

CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

5.5CVSS0.00123EPSS

Exploits0References7

NVD•added 2026/05/01 3:16 p.m.•8 views

CVE-2026-31754

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

5.5CVSS0.00123EPSS

Exploits0References7

Debian CVE•added 2026/05/01 2:14 p.m.•4 views

CVE-2026-31755

5.5CVSS5.7AI score0.00123EPSS

Exploits0

EUVD•added 2026/05/01 2:14 p.m.•12 views

EUVD-2026-26568

5.8AI score0.00123EPSS

Exploits0References7

EUVD•added 2026/05/01 2:14 p.m.•8 views

EUVD-2026-26567

5.7AI score0.00123EPSS

Exploits0References7

Debian CVE•added 2026/05/01 2:14 p.m.•3 views

CVE-2026-31754

5.5CVSS5.7AI score0.00123EPSS

Exploits0

Cvelist•added 2026/05/01 2:14 p.m.•29 views

CVE-2026-31754 usb: cdns3: gadget: fix state inconsistency on gadget init failure

0.00123EPSS

Exploits0References7

CVE•added 2026/05/01 2:14 p.m.•43 views

CVE-2026-31754

The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...

5.5CVSS5.7AI score0.00123EPSS

Exploits0References7Affected Software1

CNNVD•added 2026/05/01 12:0 a.m.•8 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the usb cdns3 gadget driver not checking when the ep-desc pointer is null in the epqueue, which could result...

5.5CVSS5.8AI score0.00123EPSS

Exploits0References1

Tenable Nessus•added 2025/12/31 12:0 a.m.•2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993039)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993039 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'privep' assignment in cdns3gadgetepdequeue, cdns3gadgetepenable If...

5.5CVSS6.1AI score0.00155EPSS

Exploits0References4

Tenable Nessus•added 2025/12/30 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992595 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'privep' assignment in cdns3gadgetepdequeue, cdns3gadgetepenable If...

5.5CVSS6.1AI score0.00155EPSS

Exploits0References4

RedhatCVE•added 2025/12/10 10:15 a.m.•12 views

CVE-2025-40314

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the cdnspgadgetinit and cdnspgadgetexit functions, the gadget structure pdev-gadget was freed before its endpoints. The endpoints are...

5.8AI score0.00161EPSS

Exploits0References4