CVE-2026-10647 | zephyrproject zephyr up to 4.4.x Exported Network Interface usbd_cdc_ncm.c usbd_ep_enqueue deadlock (GHSA-xcf7-r86m-5q9f)
A vulnerability, which was classified as problematic, has been found in zephyrproject zephyr up to 4.4.x. The impacted element is the function usbd_ep_enqueue of the file subsys/usb/device_next/class/usbd_cdc_ncm.c of the component Exported Network Interface. The manipulation leads to deadlock.
This vulnerability is documented as CVE-2026-10647. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.VulDB Recent EntriesRead More