Zephyrproject Zephyr
7 CVEs affecting Zephyrproject Zephyr. Latest disclosed: 2026-06-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-10635 | Medium | 6.3 | 2026-06-16 | On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of… |
CVE-2026-10638 | Medium | 5.9 | 2026-06-16 | subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and… |
CVE-2026-10637 | Medium | 5.9 | 2026-06-16 | subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ow… |
CVE-2026-10639 | Medium | 4.8 | 2026-06-16 | In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and… |
CVE-2026-10634 | Medium | 4.8 | 2026-06-15 | Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, whi… |
CVE-2026-10640 | Medium | 4.2 | 2026-06-16 | Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-s… |
CVE-2026-10636 | Low | 3.7 | 2026-06-16 | In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the pa… |