Impact
A use‑after‑free occurs in Zephyr’s IPv6 Neighbor Discovery when the per‑interface ICMP statistics are updated after the packet has been freed. The overrun can corrupt memory, increment incorrect counters, cause a crash or induce denial of service. The flaw corresponds to CWE‑416.
Affected Systems
Zephyr project, versions 3.3.0 through 4.4.0, all configurations with CONFIG_NET_STATISTICS_PER_INTERFACE enabled. Systems running earlier or later versions, or those that disable per‑interface statistics, are not affected.
Risk and Exploitability
The attack can be triggered by any unauthenticated on‑link node that sends Neighbor Solicitations. The CVSS score of 4.2 indicates moderate severity. The EPSS score is less than 1 %, suggesting low likelihood of widespread exploitation, and the vulnerability is not listed in CISA KEV. An attacker would need only network access to the target device to trigger the flaw, and exploitation would result in corruption of statistics or a crash, rather than code execution.
OpenCVE Enrichment