Description
A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-07-03
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

RT‑Thread's ls1c CAN handler contains a stack‑based buffer overflow in the recvmsg function within ls1c_can.h. When a crafted CAN message is received, the function writes beyond the bounds of a stack buffer, corrupting control data. This overflow (CWE‑119 and CWE‑121) can allow an attacker who can send messages to the CAN controller to execute arbitrary code, crash the system, or otherwise compromise confidentiality, integrity, or availability of the embedded device.

Affected Systems

The flaw exists in firmware versions of RT‑Thread up to 5.0.2. All builds that include the ls1c CAN handler component, located in bsp/loongson/ls1cdev/libraries/ls1c_can.h, are affected. Deployments running RT‑Thread 5.0.2 or earlier and that expose the LS1C CAN interface to local traffic are vulnerable.

Risk and Exploitability

With a CVSS score of 8.5, the vulnerability is considered high severity. Local access is required to craft and send the malicious CAN messages that trigger the overflow. The CVE notes that the exploit is publicly available, indicating that an attacker with local connectivity to the CAN controller could feasibly exploit the weakness. The EPSS score indicates a low exploitation probability (<1%) and the issue is not listed in the CISA KEV catalog, but the existence of a public exploit demonstrates a realistic threat.

Generated by OpenCVE AI on July 5, 2026 at 00:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RT‑Thread to a release newer than 5.0.2.
  • Restrict or disable local access to the LS1C CAN interface on devices that do not require it, and limit local users from directly interacting with the CAN controller.
  • Use runtime mitigation techniques such as stack canaries or address space layout randomization until a patch is applied.

Generated by OpenCVE AI on July 5, 2026 at 00:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title RT-Thread ls1c CAN ls1c_can.h recvmsg stack-based overflow
First Time appeared Rt-thread
Rt-thread rt-thread
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
Vendors & Products Rt-thread
Rt-thread rt-thread
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Rt-thread Rt-thread
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-03T19:15:07.914Z

Reserved: 2026-07-03T13:51:34.526Z

Link: CVE-2026-14605

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-05T00:45:04Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow