Vulnerability Details CVE-2026-0849
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.2%
CVSS Severity
CVSS v3 Score 3.8
References
Products affected by CVE-2026-0849
-
cpe:2.3:o:zephyrproject:zephyr:4.3.0