Skip to main content

CVE-2026-10668 - Host-triggerable control-endpoint wedge (DoS) in Nuvoton NuMaker HSUSBD UDC driver

CVE ID :CVE-2026-10668
Published : July 12, 2026, 5:16 p.m. | 1 hour, 30 minutes ago
Description :The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot disarm a control Data IN already armed for a previous transfer, a USB host that cancels an in-flight control transfer (timeout) and then issues a new SETUP packet can drive the driver out of sync: stale data may be transmitted in the new transfer and the control endpoint can become permanently stuck NAK'ing every subsequent control transfer. A malicious or buggy host (physical/adjacent attacker driving the bus) can repeatedly cancel-and-re-SETUP to wedge the device's USB control endpoint, denying service to the device's USB function (the device stops enumerating/responding on the control pipe) until a USB reset or re-plug. The flaw is an availability-only denial of service; the FIFO copy loops (bounded by net_buf length and the hardware BUFFULL flag) and the net_buf lifecycle are independent of the arming desync, so there is no out-of-bounds access, use-after-free, or information leak. The fix monitors the IN-token and new-SETUP events (k_event) and only arms control Data IN when an IN token is present and no new SETUP has arrived, cancelling the current transfer on a new SETUP. Affects boards using the Nuvoton NuMaker HSUSBD controller (CONFIG_UDC_NUMAKER with DT_HAS_NUVOTON_NUMAKER_HSUSBD_ENABLED); shipped in v4.4.0.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.