Description
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
Published: 2026-03-14
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory corruption leading to execution hijack
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the Zephyr ATAES132A crypto driver. Malformed responses with an oversized length field overflow a 52‑byte stack buffer, enabling a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution. This is a classic stack buffer overflow (CWE‑120).

Affected Systems

Affected products include Zephyr RTOS version 4.3.0 and its release candidate builds rc1 through rc3 from the zephyrproject‑rtos vendor.

Risk and Exploitability

The CVSS score of 3.8 indicates a moderate risk, and the EPSS score indicates less than a 1% chance that an exploit is actively used. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to have a compromised device or bus level access to send a malicious response, so the attack vector is local/internal to the device. Given the low probability of exploitation and moderate impact, it remains prudent to patch promptly.

Generated by OpenCVE AI on April 2, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch released by Zephyr for versions 4.3.0 and rc1‑rc3
  • Upgrade to the latest Zephyr release that includes the ATAES132A buffer overflow fix
  • Verify that the target device firmware is up to date and that the patched driver is loaded
  • Restrict bus access to trusted devices only, ensuring that no untrusted peripherals can send malformed responses

Generated by OpenCVE AI on April 2, 2026 at 15:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Zephyrproject
Zephyrproject zephyr
CPEs cpe:2.3:o:zephyrproject:zephyr:4.3.0:-:*:*:*:*:*:*
cpe:2.3:o:zephyrproject:zephyr:4.3.0:rc1:*:*:*:*:*:*
cpe:2.3:o:zephyrproject:zephyr:4.3.0:rc2:*:*:*:*:*:*
cpe:2.3:o:zephyrproject:zephyr:4.3.0:rc3:*:*:*:*:*:*
Vendors & Products Zephyrproject
Zephyrproject zephyr

Tue, 17 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Zephyrproject-rtos
Zephyrproject-rtos zephyr
Vendors & Products Zephyrproject-rtos
Zephyrproject-rtos zephyr

Sat, 14 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
Title crypto: ATAES132A response length allows stack buffer overflow
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Zephyrproject Zephyr
Zephyrproject-rtos Zephyr
cve-icon MITRE

Status: PUBLISHED

Assigner: zephyr

Published:

Updated: 2026-03-17T15:05:37.922Z

Reserved: 2026-01-11T06:32:24.529Z

Link: CVE-2026-0849

cve-icon Vulnrichment

Updated: 2026-03-17T15:05:26.565Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:07.270

Modified: 2026-04-02T14:26:59.037

Link: CVE-2026-0849

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:23:47Z

Weaknesses