USB Vulnerability in Nuvoton NuMaker HSUSBD Controller
CVE-2026-10668

2.4LOW

Key Information:

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-10668?

The Nuvoton NuMaker HSUSBD USB device-controller driver contains a vulnerability that causes the control endpoint to become unresponsive due to improper handling of IN tokens and new SETUP packets. This may allow a malicious host to exploit the condition, leading to a denial of service by frustrating the device's ability to respond to subsequent control transfers until a physical reset occurs. The flaw does not lead to data leakages or buffer overflows but significantly impacts the availability of USB functions on affected devices.

Affected Version(s)

zephyr 4.4.0 < 4.5.0

References

CVSS V3.1

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.