CVE-2026-1679
- EPSS 0.05%
- Published 27.03.2026 23:21:18
- Last modified 31.03.2026 20:35:00
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send...
CVE-2026-4179
- EPSS 0.01%
- Published 14.03.2026 21:51:33
- Last modified 02.04.2026 20:45:41
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
CVE-2026-0849
- EPSS 0.02%
- Published 14.03.2026 21:05:36
- Last modified 02.04.2026 14:26:59
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
CVE-2026-1678
- EPSS 0.08%
- Published 05.03.2026 06:21:36
- Last modified 09.03.2026 18:33:42
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a ma...
CVE-2026-20435
- EPSS 0.01%
- Published 02.03.2026 08:39:12
- Last modified 03.03.2026 12:52:46
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interact...
CVE-2025-20747
- EPSS 0.01%
- Published 04.11.2025 06:20:19
- Last modified 05.11.2025 17:11:25
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...
CVE-2025-20746
- EPSS 0.01%
- Published 04.11.2025 06:20:17
- Last modified 05.11.2025 17:11:34
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...
CVE-2025-10456
- EPSS 0.02%
- Published 19.09.2025 05:21:33
- Last modified 29.10.2025 18:16:37
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fix...
CVE-2025-10458
- EPSS 0.02%
- Published 19.09.2025 05:20:20
- Last modified 29.10.2025 18:08:06
Parameters are not validated or sanitized, and are later used in various internal operations.
CVE-2025-7403
- EPSS 0.02%
- Published 19.09.2025 05:19:18
- Last modified 29.10.2025 18:05:53
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.