Description
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component.
Published: 2026-05-13
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the AP_InertialSensor_ADIS1647x.cpp file of the Ardupilot Rover firmware. An attacker with local access can trigger the overflow, causing the rover’s processing of inertial sensor data to crash and therefore deny service. The vulnerability allows the attacker to corrupt memory on the device, potentially halting operation until reset.

Affected Systems

Ardupilot Rover systems that include the ADIS1647x inertial sensor component. The vulnerability was identified in the code commit v.c56439b045162058df0ff136afea3081fcd06d38. No specific firmware release numbers are listed, so any unpatched installation that incorporates this commit is affected.

Risk and Exploitability

The EPSS score of <1% indicates a low exploitation probability, and the CVE is not listed in the CISA KEV catalog, indicating that exploitation is currently undocumented. The attack requires local presence or a compromised onboard application to interact with the sensor driver, making it a local denial-of-service threat. While the severity could be high in mission-critical contexts, the likelihood of exploitation remains low without a documented exploit. The CVSS score of 6.2 indicates a medium severity vulnerability.

Generated by OpenCVE AI on May 14, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ardupilot firmware to a version that includes the fix for the ADIS1647x sensor overflow.
  • If an update is not available, disable the ADIS1647x sensor component or replace the sensor driver with a patched alternative.
  • Implement input validation and boundary checks in the AP_InertialSensor_ADIS1647x.cpp module to prevent buffer overflows.
  • Allot a watchdog timer that can reset the rover application if sensor processing fails, reducing downtime due to crashes.

Generated by OpenCVE AI on May 14, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Local Denial of Service via Buffer Overflow in Ardupilot Rover Sensor Driver

Thu, 14 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Ardupilot Rover Inertial Sensor Causing Local Denial of Service
Weaknesses CWE-119

Thu, 14 May 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-121
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Ardupilot Rover Inertial Sensor Causing Local Denial of Service
Weaknesses CWE-119

Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T12:18:40.921Z

Reserved: 2024-10-08T00:00:00.000Z

Link: CVE-2024-48519

cve-icon Vulnrichment

Updated: 2026-05-14T12:08:53.589Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T17:16:18.193

Modified: 2026-05-14T13:16:14.943

Link: CVE-2024-48519

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T16:30:24Z

Weaknesses