USB Vulnerability in Nuvoton NuMaker HSUSBD Controller
CVE-2026-10668
2.4LOW
What is CVE-2026-10668?
The Nuvoton NuMaker HSUSBD USB device-controller driver contains a vulnerability that causes the control endpoint to become unresponsive due to improper handling of IN tokens and new SETUP packets. This may allow a malicious host to exploit the condition, leading to a denial of service by frustrating the device's ability to respond to subsequent control transfers until a physical reset occurs. The flaw does not lead to data leakages or buffer overflows but significantly impacts the availability of USB functions on affected devices.
Affected Version(s)
zephyr 4.4.0 < 4.5.0
