zephyrproject
Latest CVEs
The 15 most recently published vulnerabilities affecting zephyrproject.
- CVE-2026-10641 | Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values) | 7.1
- CVE-2026-10640 | Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`) | 4.2
- CVE-2026-10639 | Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()` | 4.8
- CVE-2026-10638 | Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error | 5.9
- CVE-2026-10637 | Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query | 5.9
- CVE-2026-10636 | Use-after-free in Zephyr IPv4 IGMP send path (igmp_send) | 3.7
- CVE-2026-10635 | Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init | 6.3
- CVE-2026-10634 | Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback | 4.8
- CVE-2026-1679 | net: eswifi socket send payload length not bounded | 7.3
- CVE-2026-4179 | stm32: usb: Infinite while loop in Interrupt Handler | 6.1
- CVE-2026-0849 | crypto: ATAES132A response length allows stack buffer overflow | 3.8
- CVE-2026-20435 | In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no ... | 4.6
- CVE-2025-20747 | In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv... | 6.7
- CVE-2025-20746 | In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv... | 6.7
- CVE-2025-10456 | Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests | 7.1