Vulnerability Details CVE-2026-10645
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), the code only checks de_name_len <= EXT2_MAX_FILE_NAME and then copies the name with memcpy without validating the structural relationship between de_rec_len, de_name_len, and the directory block boundary (for example that de_rec_len is non-zero, at least the size of the entry header, and that the record fits within the block). Callers such as find_dir_entry() and ext2_get_direntry() (subsys/fs/ext2/ext2_impl.c) then advance traversal using the unvalidated de_rec_len. A crafted ext2 image can therefore cause an out-of-bounds read from the directory block buffer when a malformed entry near the end of a block triggers an oversized name copy, or a zero-progress infinite loop when de_rec_len == 0. The issue is not reached at mount time but later through directory traversal paths such as pathname lookup, stat/open/unlink/rename, and readdir. The primary impact is denial of service and out-of-bounds reads under attacker-controlled ext2 images mounted from untrusted media.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2026-10645
-
cpe:2.3:o:zephyrproject:zephyr:-
-
cpe:2.3:o:zephyrproject:zephyr:1.0.0
-
cpe:2.3:o:zephyrproject:zephyr:1.1.0
-
cpe:2.3:o:zephyrproject:zephyr:1.10.0
-
cpe:2.3:o:zephyrproject:zephyr:1.11.0
-
cpe:2.3:o:zephyrproject:zephyr:1.12.0
-
cpe:2.3:o:zephyrproject:zephyr:1.13.0
-
cpe:2.3:o:zephyrproject:zephyr:1.14.0
-
cpe:2.3:o:zephyrproject:zephyr:1.14.1
-
cpe:2.3:o:zephyrproject:zephyr:1.14.2
-
cpe:2.3:o:zephyrproject:zephyr:1.14.3
-
cpe:2.3:o:zephyrproject:zephyr:1.2.0
-
cpe:2.3:o:zephyrproject:zephyr:1.3.0
-
cpe:2.3:o:zephyrproject:zephyr:1.4.0
-
cpe:2.3:o:zephyrproject:zephyr:1.5.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.1
-
cpe:2.3:o:zephyrproject:zephyr:1.6.99
-
cpe:2.3:o:zephyrproject:zephyr:1.7.0
-
cpe:2.3:o:zephyrproject:zephyr:1.7.1
-
cpe:2.3:o:zephyrproject:zephyr:1.7.99
-
cpe:2.3:o:zephyrproject:zephyr:1.8.0
-
cpe:2.3:o:zephyrproject:zephyr:1.8.99
-
cpe:2.3:o:zephyrproject:zephyr:1.9.0
-
cpe:2.3:o:zephyrproject:zephyr:1.9.1
-
cpe:2.3:o:zephyrproject:zephyr:1.9.2
-
cpe:2.3:o:zephyrproject:zephyr:2.0.0
-
cpe:2.3:o:zephyrproject:zephyr:2.1.0
-
cpe:2.3:o:zephyrproject:zephyr:2.2.0
-
cpe:2.3:o:zephyrproject:zephyr:2.3.0
-
cpe:2.3:o:zephyrproject:zephyr:2.4.0
-
cpe:2.3:o:zephyrproject:zephyr:2.5.0
-
cpe:2.3:o:zephyrproject:zephyr:2.5.1
-
cpe:2.3:o:zephyrproject:zephyr:2.6.0
-
cpe:2.3:o:zephyrproject:zephyr:2.6.1
-
cpe:2.3:o:zephyrproject:zephyr:2.7.0
-
cpe:2.3:o:zephyrproject:zephyr:2.79.0
-
cpe:2.3:o:zephyrproject:zephyr:2.8.0
-
cpe:2.3:o:zephyrproject:zephyr:2.81.0
-
cpe:2.3:o:zephyrproject:zephyr:2.82.0
-
cpe:2.3:o:zephyrproject:zephyr:2.83.0
-
cpe:2.3:o:zephyrproject:zephyr:2.84.0
-
cpe:2.3:o:zephyrproject:zephyr:2.85.0
-
cpe:2.3:o:zephyrproject:zephyr:2.86.0
-
cpe:2.3:o:zephyrproject:zephyr:2.87.0
-
cpe:2.3:o:zephyrproject:zephyr:2.88.0
-
cpe:2.3:o:zephyrproject:zephyr:2.89.0
-
cpe:2.3:o:zephyrproject:zephyr:2.90.0
-
cpe:2.3:o:zephyrproject:zephyr:2.91.0
-
cpe:2.3:o:zephyrproject:zephyr:2.92.0
-
cpe:2.3:o:zephyrproject:zephyr:2.93.0
-
cpe:2.3:o:zephyrproject:zephyr:2.94.0
-
cpe:2.3:o:zephyrproject:zephyr:2.95.0
-
cpe:2.3:o:zephyrproject:zephyr:3.0.0
-
cpe:2.3:o:zephyrproject:zephyr:3.0.1
-
cpe:2.3:o:zephyrproject:zephyr:3.1.0
-
cpe:2.3:o:zephyrproject:zephyr:3.2.0
-
cpe:2.3:o:zephyrproject:zephyr:3.2.01
-
cpe:2.3:o:zephyrproject:zephyr:3.2.1
-
cpe:2.3:o:zephyrproject:zephyr:3.2.31
-
cpe:2.3:o:zephyrproject:zephyr:3.2.40
-
cpe:2.3:o:zephyrproject:zephyr:3.2.41
-
cpe:2.3:o:zephyrproject:zephyr:3.3.0
-
cpe:2.3:o:zephyrproject:zephyr:3.4.0
-
cpe:2.3:o:zephyrproject:zephyr:3.5.0
-
cpe:2.3:o:zephyrproject:zephyr:3.6.0
-
cpe:2.3:o:zephyrproject:zephyr:3.7.0
-
cpe:2.3:o:zephyrproject:zephyr:3.7.1
-
cpe:2.3:o:zephyrproject:zephyr:3.7.2
-
cpe:2.3:o:zephyrproject:zephyr:4.0.0
-
cpe:2.3:o:zephyrproject:zephyr:4.1.0
-
cpe:2.3:o:zephyrproject:zephyr:4.2.0
-
cpe:2.3:o:zephyrproject:zephyr:4.2.1
-
cpe:2.3:o:zephyrproject:zephyr:4.3.0
-
cpe:2.3:o:zephyrproject:zephyr:4.3.1
-
cpe:2.3:o:zephyrproject:zephyr:4.4.0
-
cpe:2.3:o:zephyrproject:zephyr:4.4.1