Description
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
Published: 2026-03-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory corruption
Action: Immediate patch
AI Analysis

Impact

The eswifi socket offload driver copies user‑provided payloads into a fixed buffer without enforcing a length check. An oversized send request overflows the driver’s internal buffer, corrupting kernel memory and potentially allowing escalation of privileges or system instability. The vulnerability stems from a buffer overrun weakness (CWE‑120).

Affected Systems

The flaw affects the Zephyr RTOS, specifically the eswifi socket offload driver. No exact release or version information is supplied in the advisory, but all builds containing the vulnerable driver are potentially impacted.

Risk and Exploitability

The CVSS score of 7.3 marks this as a high‑severity issue, yet exploitation requires local code that can invoke the socket send API; remote attackers cannot reach this directly without additional vector. Due to the lack of EPSS data and absence from the CISA KEV catalog, the likelihood of widespread exploitation is uncertain, though the high severity means it should be addressed promptly.

Generated by OpenCVE AI on March 28, 2026 at 05:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Zephyr patch that resolves the buffer overflow in the eswifi socket driver
  • Verify the applied patch by rebuilding the kernel and checking that socket send operations no longer overflow

Generated by OpenCVE AI on March 28, 2026 at 05:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Zephyrproject-rtos
Zephyrproject-rtos zephyr
Vendors & Products Zephyrproject-rtos
Zephyrproject-rtos zephyr

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.
Title net: eswifi socket send payload length not bounded
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H'}

Subscriptions

Zephyrproject-rtos Zephyr
cve-icon MITRE

Status: PUBLISHED

Assigner: zephyr

Published:

Updated: 2026-03-27T23:21:18.399Z

Reserved: 2026-01-30T05:53:41.457Z

Link: CVE-2026-1679

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-28T00:16:04.740

Modified: 2026-03-30T13:26:07.647

Link: CVE-2026-1679

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T06:59:52Z

Weaknesses