Zephyrproject-Rtos Zephyr vulnerabilities

128 known vulnerabilities affecting zephyrproject-rtos/zephyr.

Total CVEs: 128
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 20, HIGH 61, MEDIUM 44, LOW 3

Vulnerabilities

Page 4 of 7
CVE-2020-10058 | P3 | HIGH | CVSS 7.8 | ≥ 2.1.0, < unspecified | 2020-05-11
CWE-20: Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
nvd
CVE-2020-10028 | P3 | HIGH | CVSS 7.8 | ≥ 1.14.0, < unspecified; ≥ 2.1.0, < unspecified | 2020-05-11
CWE-20: Multiple syscalls with insufficient argument validation. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions.
nvd
CVE-2020-13598 | P3 | HIGH | CVSS 7.8 | ≥ v1.14.2, < unspecified; ≥ v2.3.0, < unspecified | 2021-05-25
CWE-121: FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
nvd
CVE-2020-13603 | P3 | HIGH | CVSS 7.8 | ≥ 1.14.2, < unspecified; ≥ 2.4.0, < unspecified | 2021-05-25
CWE-190: Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
nvd
CVE-2023-0359 | P3 | HIGH | CVSS 7.5 | ≥ *, ≤ 3.2 | 2023-07-10
CWE-20: A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
nvd
CVE-2025-10458 | P3 | HIGH | CVSS 7.6 | ≥ *, ≤ 4.1.0 | 2025-09-19
CWE-130: Parameters are not validated or sanitized, and are later used in various internal operations.
nvd
CVE-2021-3454 | P3 | HIGH | CVSS 7.5 | ≥ 2.4.0, < unspecified; ≥ v.2.50, < unspecified | 2021-10-19
CWE-130: Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
nvd
CVE-2021-3510 | P3 | HIGH | CVSS 7.5 | ≥ >1.14.0, < unspecified; ≥ >2.5.0, < unspecified | 2021-10-05
CWE-588: Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
nvd
CVE-2021-3430 | P3 | HIGH | CVSS 7.5 | ≥ v1.14.0, < unspecified; ≥ v2.5.0, < unspecified | 2022-06-28
CWE-617: Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
nvd
CVE-2025-12899 | P3 | MEDIUM | CVSS 6.5 | ≥ *, ≤ 4.2 | 2026-01-30
CWE-843: A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.
nvd
CVE-2026-5590 | P3 | MEDIUM | CVSS 6.4 | ≥ *, ≤ 4.3 | 2026-04-05
CWE-476: A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash.
nvd
CVE-2025-1673 | P3 | HIGH | CVSS 8.2 | ≥ *, ≤ 4.0 | 2025-02-25
CWE-125: A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
nvd
CVE-2021-3455 | P3 | HIGH | CVSS 7.5 | ≥ 2.4.0, < unspecified; ≥ 2.5.0, < unspecified | 2021-10-19
CWE-416: Disconnecting L2CAP channel right after invalid ATT request leads to freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
nvd
CVE-2021-3431 | P3 | HIGH | CVSS 7.5 | ≥ v2.5.0, < unspecified | 2022-06-28
CWE-617: Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
nvd
CVE-2021-3432 | P3 | HIGH | CVSS 7.5 | ≥ v1.14.0, < unspecified; ≥ v2.5.0, < unspecified | 2022-06-28
CWE-369: Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 contain Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
nvd
CVE-2025-2962 | P3 | HIGH | CVSS 7.5 | ≥ *, ≤ 4.1.0 | 2025-06-24
CWE-835: A denial-of-service issue in the DNS implementation could cause an infinite loop.
nvd
CVE-2023-5563 | P3 | HIGH | CVSS 7.5 | ≥ 3.3, ≤ 3.4 | 2023-10-13
CWE-703: The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
nvd
CVE-2021-3320 | P4 | HIGH | CVSS 7.5 | ≥ v2.4.0, < unspecified | 2021-05-25
CWE-476: Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
nvd
CVE-2020-13600 | P4 | HIGH | CVSS 7.6 | ≥ 1.14.2, < unspecified; ≥ 2.3.0, < unspecified | 2021-05-25
CWE-122: Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
nvd
CVE-2026-10658 | P4 | HIGH | CVSS 7.1 | ≥ *, ≤ 4.4.0 | 2026-06-23
CWE-125: A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/bluetooth/host/iso.c), when processing PB=START/SINGLE fragments, the code pulls a TS SDU header (8 bytes, ts=1) or a non-TS SDU header (4 bytes, ts=0) without first verifying that buf->len contains at least th
nvd