Vendor: Zephyrproject
Products: 2
CVEs: 5
Across products: 8
Status: Private
Products: 2
- 6 CVEs
- 2 CVEs

Recent CVEs: 5

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1679 | Hig | 0.47 | 7.3 | 0.00 | | Mar 28, 2026 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly. |
| CVE-2026-4179 | Med | 0.40 | 6.1 | 0.00 | | Mar 16, 2026 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. |
| CVE-2026-0849 | Low | 0.25 | 3.8 | 0.00 | | Mar 16, 2026 | Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution. |
| CVE-2017-14201 | | 0.00 | — | 0.01 | | Aug 29, 2019 | Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. |
| CVE-2017-14202 | | 0.00 | — | 0.00 | | Aug 29, 2019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. |