CVE-2026-0849 | THREATINT

Description

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

PUBLISHED Reserved 2026-01-11 | Published 2026-03-14 | Updated 2026-03-17 | Assigner zephyr

LOW: 3.8CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unaffected

* (git)

affected

References

github.com/...zephyr/security/advisories/GHSA-ff4p-3ggg-prp6 exploit

github.com/...zephyr/security/advisories/GHSA-ff4p-3ggg-prp6

cve.org (CVE-2026-0849)

nvd.nist.gov (CVE-2026-0849)

Download JSON