cbcvebase.

Zephyrproject Zephyr vulnerabilities

136 known vulnerabilities affecting zephyrproject/zephyr.

Total CVEs
136
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL22HIGH60MEDIUM49LOW5

Vulnerabilities

Page 4 of 7
CVE-2020-10021P3HIGHCVSS 7.8≤ 1.14.1≥ 2.1.0, < 2.2.02020-05-11
CVE-2020-10021 [HIGH] CWE-787 CVE-2020-10021: Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024 Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
nvd
CVE-2020-10058P3HIGHCVSS 7.8v2.1.02020-05-11
CVE-2020-10058 [HIGH] CWE-20 CVE-2020-10058: Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code exe Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
nvd
CVE-2020-10028P3HIGHCVSS 7.8v1.14.0v2.1.02020-05-11
CVE-2020-10028 [HIGH] CWE-20 CVE-2020-10028: Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrpr Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
nvd
CVE-2020-13598P3HIGHCVSS 7.8≤ 1.14.2≥ 2.0.0, ≤ 2.3.02021-05-25
CVE-2020-13598 [HIGH] CWE-121 CVE-2020-13598: FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
nvd
CVE-2020-13603P3HIGHCVSS 7.8≤ 1.14.2≥ 2.0.0, ≤ 2.2.02021-05-25
CVE-2020-13603 [HIGH] CWE-190 CVE-2020-13603: Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
nvd
CVE-2023-0359P3HIGHCVSS 7.5≤ 3.2.02023-07-10
CVE-2023-0359 [HIGH] CWE-20 CVE-2023-0359: A missing nullptr-check in handle_ra_input can cause a nullptr-deref. A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
nvd
CVE-2025-10458P3HIGHCVSS 7.6≤ 4.1.02025-09-19
CVE-2025-10458 [HIGH] CWE-130 CVE-2025-10458: Parameters are not validated or sanitized, and are later used in various internal operations. Parameters are not validated or sanitized, and are later used in various internal operations.
nvd
CVE-2021-3454P3HIGHCVSS 7.5≥ 2.4.0, < 2.6.02021-10-19
CVE-2021-3454 [HIGH] CWE-130 CVE-2021-3454: Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improp Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3
nvd
CVE-2021-3510P3HIGHCVSS 7.5v1.14.0v1.14.1+6 more2021-10-05
CVE-2021-3510 [HIGH] CWE-588 CVE-2021-3510: Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contai Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
nvd
CVE-2021-3430P3HIGHCVSS 7.5≥ 1.14.0, < 2.6.02022-06-28
CVE-2021-3430 [HIGH] CWE-617 CVE-2021-3430: Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachabl Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
nvd
CVE-2025-1673P3HIGHCVSS 8.2≤ 4.02025-02-25
CVE-2025-1673 [HIGH] CWE-125 CVE-2025-1673: A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
nvd
CVE-2021-3455P3HIGHCVSS 7.5≥ 2.4.0, < 2.6.02021-10-19
CVE-2021-3455 [HIGH] CWE-416 CVE-2021-3455: Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
nvd
CVE-2021-3431P3HIGHCVSS 7.5≥ 2.5.0, < 2.6.02022-06-28
CVE-2021-3431 [HIGH] CWE-617 CVE-2021-3431: Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assert Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
nvd
CVE-2021-3432P3HIGHCVSS 7.5≥ 1.14.0, < 2.6.02022-06-28
CVE-2021-3432 [HIGH] CWE-369 CVE-2021-3432: Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
nvd
CVE-2025-2962P3HIGHCVSS 7.5≤ 4.1.02025-06-24
CVE-2025-2962 [HIGH] CWE-835 CVE-2025-2962: A denial-of-service issue in the dns implemenation could cause an infinite loop. A denial-of-service issue in the dns implemenation could cause an infinite loop.
nvd
CVE-2023-5563P3HIGHCVSS 7.5≤ 3.4.02023-10-13
CVE-2023-5563 [HIGH] CWE-703 CVE-2023-5563: The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
nvd
CVE-2021-3320P4HIGHCVSS 7.5≥ 2.0.0, ≤ 2.4.02021-05-25
CVE-2021-3320 [HIGH] CWE-476 CVE-2021-3320: Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Derefer Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
nvd
CVE-2026-10638P4HIGHCVSS 7.5≥ 4.2.0, < 4.5.02026-06-16
CVE-2026-10638 [HIGH] CWE-416 CVE-2026-10638: subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send statistics update calls net_pkt_iface(reply)/net_pkt_iface(pkt) on the just-sent packet. The send path (net_try_send_data - net_if_tx) unreferences and may
nvd
CVE-2026-10640P4HIGHCVSS 7.1≥ 3.3.0, < 4.5.02026-06-16
CVE-2026-10640 [HIGH] CWE-416 CVE-2026-10640: Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. On the success path the network stack owns and releases the packet's reference (the L2/dr
nvd
CVE-2020-10060P3MEDIUMCVSS 6.5≥ 2.1.0, < 2.4.02020-05-11
CVE-2020-10060 [MEDIUM] CVE-2020-10060: In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output st In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applie
nvd
Zephyrproject Zephyr vulnerabilities | cvebase