EUVD-2026-32377

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVE-2026-45911

The CVE-2026-45911 issue affects the Linux kernel’s usb: cdns3 driver. When a role switch occurs during suspend/resume, the host mode path can dereference an unprobed xhci-hcd device during resume, leading to a NULL pointer dereference. The described fix skips the resume operation for the new rol...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usbroleswitch parent's module reference after the user get usbroleswitch device and put the reference after the user...

CVE-2026-31754

A flaw was found in the Linux kernel's USB subsystem, specifically within the cdns3 gadget driver. A local user could exploit this vulnerability by attempting to switch the USB role to host mode after a gadget initialization failure. This state inconsistency can lead to a system crash, resulting ...

CVE-2026-31754 usb: cdns3: gadget: fix state inconsistency on gadget init failure

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

CVE-2026-31754

The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...

PT-2026-36389

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3 gadget start fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

EUVD-2012-5970

Malware in sbrugna...

CVE-2021-26594

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role via the PATCH method without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-26747

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usbroleswitch parent's module reference after the user get usbroleswitch device and put the reference after the user...

CVE-2021-26594

CVE-2021-26594 affects Directus 8.x through 8.8.1, where an attacker can switch to the administrator role via PATCH without backend checks. The vulnerability is limited to products no longer supported by the maintainer. Remediation in public docs advises upgrading to a supported Directus version;...

Directus Security Vulnerabilities

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions 8.x through 8.8.1, which can be exploited by an attacker to switch to the administrator role...