Description
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.
Published: 2026-05-12
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Issuing an ICMP ping to a device’s own IPv4 address via the `net ping` shell command causes the network stack to recursively re‑enter the input path on the same work‑queue stack. The uncontrolled recursion leads to a stack overflow that can corrupt the kernel stack, causing the system to crash and become unavailable – a denial of service. The flaw is classified as CWE‑674.

Affected Systems

The vulnerability is found in the Zephyr project RTOS networking stack. No specific product or version information is provided, so any current Zephyr release lacking the patch may be affected.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate risk. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to have shell access to run `net ping`. Because the overflow only occurs when pinging the device’s own address, remote exploitation is unlikely without such access. The primary consequence is a kernel crash that would deny service to the device.

Generated by OpenCVE AI on May 12, 2026 at 07:21 UTC.
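The nesting described in the Description and Impact sections can be reproduced in a small model. This is an added example, not Zephyr code and not the project's patch: `send_local`, `net_input`, the queue and its length are all hypothetical names and values. It compares inline delivery of locally addressed packets with queuing them for a later, shallow pass, which is one general way to bound recursion (CWE-674).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model (constructed): every name and size here is an assumption. */
enum pkt_type { ECHO_REQUEST, ECHO_REPLY };
struct pkt { enum pkt_type type; };
#define QUEUE_LEN 4
static struct pkt queue[QUEUE_LEN];
static size_t q_head, q_tail;
static int depth, max_depth;
static bool defer_local; /* false: inline loopback, true: queue and return */

static void net_input(struct pkt p);

/* Send to an address the stack recognises as its own. */
static void send_local(struct pkt p)
{
    if (defer_local) {
        if (q_tail < QUEUE_LEN)
            queue[q_tail++] = p; /* handled later from a fresh frame */
        return;                  /* a full queue drops the packet */
    }
    net_input(p);                /* inline: nests on the caller's stack */
}

static void net_input(struct pkt p)
{
    if (++depth > max_depth)
        max_depth = depth;
    if (p.type == ECHO_REQUEST) {
        struct pkt reply = { ECHO_REPLY };
        send_local(reply);       /* the reply is also locally addressed */
    }
    depth--;
}

/* Deepest nesting of input-path frames for one ping to the own address. */
int self_ping_max_depth(bool defer)
{
    struct pkt req = { ECHO_REQUEST };
    defer_local = defer;
    depth = max_depth = 0;
    q_head = q_tail = 0;
    send_local(req);             /* issued from the shell command's context */
    while (q_head < q_tail)      /* drain loop, one packet per pass */
        net_input(queue[q_head++]);
    return max_depth;
}

int main(void)
{
    printf("inline=%d deferred=%d\n", self_ping_max_depth(false), self_ping_max_depth(true));
    return 0;
}
```

In the inline case the reply's input frame sits on top of the request's input frame, both on the caller's stack; in the deferred case each packet is handled from the drain loop, so the input path never nests.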

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Zephyr release that includes the fix referenced in the GHSA advisory GHSA-6fcc-8rwr-w7xx.
  • If a patch is unavailable, remove or disable the `net ping` shell command to eliminate the vulnerable code path.
  • As an interim safeguard, block local ICMP echo requests to the device’s own IP address using firewall rules or device configuration to prevent the stack overflow.



Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 12 May 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Zephyrproject-rtos; Zephyrproject-rtos zephyr |
| Vendors & Products | | Zephyrproject-rtos; Zephyrproject-rtos zephyr |

Tue, 12 May 2026 06:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow. |
| Title | | net: Stack Overflow with Ping (to own IP Address) via Shell |
| Weaknesses | | CWE-674 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: zephyr

Published:

Updated: 2026-05-12T13:15:53.865Z

Reserved: 2026-01-30T05:59:43.084Z

Link: CVE-2026-1681

Vulnrichment

Updated: 2026-05-12T13:15:25.918Z

NVD

Status: Received

Published: 2026-05-12T07:16:09.843

Modified: 2026-05-12T07:16:09.843

Link: CVE-2026-1681

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T08:00:06Z

Weaknesses