EUVD-2026-32377

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVE-2026-45911

CVE-2026-45911 affects the Linux kernel USB3 (cdns3) driver. When a USB role switch to host occurs during resume, the host path can dereference an uninitialized xhci-hcd device, causing a NULL pointer dereference. The fixed behavior is to skip the resume operation for the newly chosen role if a r...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Roles – Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usbroleswitch object after the user selects the...

CVE-2026-31754

A flaw was found in the Linux kernel's USB subsystem, specifically within the cdns3 gadget driver. A local user could exploit this vulnerability by attempting to switch the USB role to host mode after a gadget initialization failure. This state inconsistency can lead to a system crash, resulting ...

CVE-2026-31754

The CVE-2026-31754 issue affects the Linux kernel’s USB DRD/CDNS3 gadget path. When cdns3_gadget_start() fails, the DRD hardware remains in gadget mode while software state is INACTIVE, causing hardware/software state inconsistency. This can lead to a failed host-mode switch via sysfs (role switc...

CVE-2026-31754 usb: cdns3: gadget: fix state inconsistency on gadget init failure

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

PT-2026-36389

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A state inconsistency occurs in the cdns3 USB driver when cdns3 gadget start fails. In this scenario, the Dual-Role Device DRD hardware remains in gadget mode while the software state is...

EUVD-2012-5970

Malware in sbrugna...

CVE-2021-26594

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role via the PATCH method without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-26747

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usbroleswitch parent's module reference after the user get usbroleswitch device and put the reference after the user...

CVE-2021-26594

CVE-2021-26594 affects Directus 8.x through 8.8.1, where an attacker can switch to the administrator role via PATCH without backend checks. The vulnerability is limited to products no longer supported by the maintainer. Remediation in public docs advises upgrading to a supported Directus version;...

Directus Security Vulnerabilities

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions 8.x through 8.8.1, which can be exploited by an attacker to switch to the administrator role...