CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

RedhatCVE•added 2026/05/08 11:15 p.m.•6 views

CVE-2026-43421

A flaw was found in the Linux kernel's USB gadget function for Network Control Model NCM. During device disconnection, a network device could outlive its parent gadget device, leading to dangling system file system sysfs links and null pointer dereference problems. This vulnerability can result i...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References4

EUVD•added 2026/05/08 3:31 p.m.•5 views

EUVD-2026-28728

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

5.7AI score0.00013EPSS

Exploits0References4

Debian CVE•added 2026/05/08 2:21 p.m.•8 views

CVE-2026-43422

5.5CVSS5.7AI score0.00013EPSS

Exploits0

Positive Technologies•added 2026/05/08 12:0 a.m.•7 views

PT-2026-39083

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the legacy NCM driver within the gncm bind function. This issue arises because the driver attempts to access the net device before it is fully...

5.8AI score0.00013EPSS

Exploits0References6

RedhatCVE•added 2026/04/03 6:22 p.m.•3 views

CVE-2026-23447

A flaw was found in the USB CDC NCM Network Control Model driver in the Linux kernel. This vulnerability, a bounds-check bug, occurs when processing NCM Datagram Pointer NDP32 frames. It fails to correctly account for the ndpoffset, which can lead to out-of-bounds reads. This could result in...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References4

Tenable Nessus•added 2025/12/31 12:0 a.m.•3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992790 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixe...

5.5CVSS6.2AI score0.00051EPSS

Exploits0References4

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989908)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989908 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate In Google internal bug 265639009...

5.5CVSS6.1AI score0.00012EPSS

Exploits0References4

Debian CVE•added 2025/10/07 3:21 p.m.•4 views

CVE-2023-53667

In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Deal with too low values of dwNtbOutMaxSize Currently in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This is then use...

5.5CVSS5.4AI score0.0002EPSS

Exploits0

Tenable Nessus•added 2025/08/15 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-37812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 usb: cdnsp: Fix deadlock issu...

5.5CVSS6.8AI score0.00051EPSS

Exploits0References3

Microsoft CVE•added 2025/07/11 7:0 a.m.•3 views

usb: cdns3: Fix deadlock when using NCM gadget

...

5.5CVSS7.2AI score0.00051EPSS

Exploits0

OSV•added 2024/08/21 7:15 a.m.•1 views

UBUNTU-CVE-2023-52894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate In Google internal bug 265639009 we've received an as yet unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References10

SUSE CVE•added 2024/05/18 2:46 a.m.•4 views

SUSE CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

3.3CVSS6.4AI score0.00227EPSS

Exploits0References16

OSV•added 2024/05/01 6:15 a.m.•0 views

UBUNTU-CVE-2024-26996

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, ethstop is called. At this piont, accidentally if usb transport error should...

7.8CVSS6.1AI score0.00011EPSS

Exploits0References44

Ubuntu•added 2016/06/10 5:53 a.m.•80 views

USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.12798EPSS

Exploits19

Ubuntu•added 2016/06/10 5:46 a.m.•84 views

USN-3003-1: Linux kernel vulnerabilities

10CVSS6.8AI score0.12798EPSS

Exploits19

Ubuntu•added 2016/06/10 5:42 a.m.•76 views

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities

10CVSS6.8AI score0.12798EPSS

Exploits19

OSV•added 2016/06/10 5:40 a.m.•3 views

USN-3001-1 linux-lts-vivid vulnerabilities