Description
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
Published: 2026-07-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in RT-Thread allows a divide-by-zero error when the ioctl function in lwp_syscall.c is invoked with crafted parameters, causing the system to crash. This crash results in a loss of availability for the affected device. The vulnerability is a classic example of CWE-369 and CWE-404.

Affected Systems

The security issue affects RT-Thread v5.2.2 and earlier. The only vendor explicitly noted is RT-Thread. No specific device models are listed, but any system deploying the affected RT-Thread release is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 classifies the vulnerability as medium risk. The EPSS score is currently unavailable, but the published exploit and the fact that the attack may be launched remotely raise concern. The vulnerability is not included in the CISA KEV catalog. The exploit path involves delivering a crafted ioctl request over a remote interface, expected to trigger the divide‑by‑zero crash. Because the flaw sits in low‑level system code, it is likely to be exploitable without local privileges. The lack of an official patch leaves environments at ongoing risk until a fix is released.

Generated by OpenCVE AI on July 5, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RT-Thread to a version that includes the fix once released.
  • If an upgrade is not immediately possible, review the pending pull request (PR 11453) and apply the patch manually to lwp_syscall.c to guard against divide‑by‑zero errors.
  • Implement input validation for ioctl parameters to ensure division operands are non‑zero and bounds are checked, mitigating the possibility of a crash.
  • Monitor system logs for sudden crashes that could indicate exploitation.


Advisories

No advisories yet.

History

Sat, 04 Jul 2026 14:00:00 +0000

Values added (no values removed):

  • Description: A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
  • Title: RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero
  • First Time appeared: Rt-thread; Rt-thread rt-thread
  • Weaknesses: CWE-369, CWE-404
  • CPEs: cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*
  • Vendors & Products: Rt-thread; Rt-thread rt-thread
  • References:
  • Metrics:

    cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

    cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

    cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

    cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-04T13:15:08.868Z

Reserved: 2026-07-03T17:10:08.620Z

Link: CVE-2026-14629

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-05T08:00:12Z

Weaknesses
  • CWE-369: Divide By Zero
  • CWE-404: Improper Resource Shutdown or Release