Impact
A flaw in RT-Thread allows a divide-by-zero error when the ioctl function in lwp_syscall.c is invoked with crafted parameters, causing the system to crash. The crash results in a loss of availability for the affected device. The vulnerability is classified as CWE-369 (Divide By Zero) and CWE-404 (Improper Resource Shutdown or Release).
Affected Systems
The security issue affects RT-Thread v5.2.2 and earlier. The only vendor explicitly noted is RT-Thread. No specific device models are listed, but any system deploying the affected RT-Thread release is potentially vulnerable.
Risk and Exploitability
The CVSS score of 5.3 classifies the vulnerability as medium risk. The EPSS score is currently unavailable, but an exploit has been published and the attack may be launched remotely, both of which raise concern. The vulnerability is not included in the CISA KEV catalog. The exploit path involves delivering a crafted ioctl request over a remote interface, which is expected to trigger the divide-by-zero crash. Because the flaw sits in low-level system code, it is likely to be exploitable without local privileges. The lack of an official patch leaves affected environments at ongoing risk until a fix is released.
OpenCVE Enrichment