Zephyrproject: >> Zephyr >> 4.3.0 Security Vulnerabilities
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
CVSS Score
7.3
EPSS Score
0.002
Published
2026-03-28
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
CVSS Score
6.1
EPSS Score
0.002
Published
2026-03-16
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
CVSS Score
3.8
EPSS Score
0.002
Published
2026-03-16
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
CVSS Score
9.4
EPSS Score
0.004
Published
2026-03-05