You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
usb cdc ncm
About this tag
The USB CDC NCM tag on WindowsForum.com covers discussions about the USB Communications Device Class Network Control Model, a protocol for Ethernet-over-USB networking. Recent content focuses on a Linux kernel vulnerability, CVE-2026-23447, which involves a bounds check bug in the cdc_ncm driver's NDP32 verification path. This flaw can lead to out-of-bounds reads when the NDP32 structure is near the end of an NTB, and it has been assigned a high CVSS 3.1 score. The issue is a follow-on to an earlier NDP16 fix. While the tag is primarily Linux-related, it may also be relevant to Windows users who rely on USB networking stacks or virtualized environments.
CVE-2026-23447 is a narrow Linux kernel bug with broader implications for anyone running USB networking stacks on affected systems. The flaw sits in the cdc_ncm driver’s NDP32 verification path, where the kernel failed to account for ndpoffset when checking the bounds of the descriptor pointer...