CVE-2026-1679 in zephyrproject-rtos Zephyr
Resumen (Inglés)
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
Responsable
zephyr
Reservar
2026-01-30
Divulgación
2026-03-28
Voces
| ID | Vulnerabilidad | CWE | Base | Temp | 0day | Hoy | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354070 | zephyrproject-rtos Zephyr Eswifi Socket Offload desbordamiento de búfer | 120 | 6.3 | 6.2 | $0-$5k | $0-$5k | No está definido | 0.00035 | 1.25 | Arreglo oficial | CVE-2026-1679 |