Medium severity6.4NVD Advisory· Published Apr 5, 2026· Updated Apr 7, 2026

CVE-2026-5590

Description

A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash.

Affected products

Zephyrproject Rtos/Zephyrinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vqm-pw24-g9jpnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000