Description
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
Published: 2026-04-20
Score: n/a
EPSS: n/a
KEV: No
Impact: Potential memory corruption leading to arbitrary code execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from a stack-use-after-return in the Arduino_Core_STM32 library, where pwm_start() allocates a TIM_HandleTypeDef on the stack and passes its address to HAL routines. After pwm_start() returns, the pointer remains registered globally and can be dereferenced by interrupt service routines, leading to memory corruption. This flaw can allow an attacker to overwrite memory locations and potentially execute arbitrary code, undermining the confidentiality and integrity of the system.

Affected Systems

Systems running the Arduino_Core_STM32 library versions earlier than 1.7.0 are affected. This includes any STM32-based projects that use the PWM timing functions provided by the library.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting a low to moderate known exploitation probability. The lack of a publicly disclosed CVSS score prevents a precise severity assessment, but the nature of the flaw—dereferencing a dangling pointer in interrupt context—makes it likely to be exploitable with sufficient access to the device. The attack vector is inferred to be exploitation of the MCU’s interrupt handling mechanism, possibly through user-controlled input that triggers PWM usage.

Generated by OpenCVE AI on April 20, 2026 at 18:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Arduino_Core_STM32 library to version 1.7.0 or later.
  • If an upgrade is not immediately possible, avoid using the pwm_start() function until the library is patched.
  • Verify interrupt service routines do not dereference global timer handles that may be uninitialized or reused, and replace any vulnerable calls with safer alternatives.
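
The pattern from the description and the ISR check in the last recommended action, as an added example: a simplified host-side C model, not code from Arduino_Core_STM32 or the STM32 HAL. Every model_* name, the static handle pool and the address-range guard are assumptions made for illustration; the registry stores addresses as integers so the model never touches the dead stack slot.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; all names are hypothetical, not the core's or the HAL's. */
typedef struct { uint32_t period; uint32_t pulse; } model_tim_handle;

#define MODEL_TIMERS 4
static model_tim_handle handle_pool[MODEL_TIMERS]; /* static storage: outlives every call */
static uintptr_t registry[MODEL_TIMERS];           /* global registry the "ISR" consults */

/* Stand-in for the init path that records the handle globally. */
static void model_register(int idx, model_tim_handle *h) { registry[idx] = (uintptr_t)h; }

/* Flawed pattern: the handle lives only in this stack frame. */
void model_pwm_start_stack(int idx, uint32_t period, uint32_t pulse) {
    model_tim_handle h = { period, pulse };
    model_register(idx, &h);
}   /* frame released here; registry[idx] now refers to dead stack memory */

/* Corrected pattern: the handle has static storage duration. */
void model_pwm_start_static(int idx, uint32_t period, uint32_t pulse) {
    model_tim_handle *h = &handle_pool[idx];
    h->period = period;
    h->pulse = pulse;
    model_register(idx, h);
}

/* Guard: trust a registered address only if it is an element of handle_pool. */
int model_handle_is_static(int idx) {
    uintptr_t a = registry[idx];
    uintptr_t lo = (uintptr_t)&handle_pool[0];
    uintptr_t hi = (uintptr_t)&handle_pool[MODEL_TIMERS];
    return a >= lo && a < hi && (a - lo) % sizeof(model_tim_handle) == 0;
}

/* Model ISR: returns the pulse value, or -1 when it refuses to use the handle. */
long model_isr(int idx) {
    if (idx < 0 || idx >= MODEL_TIMERS || !model_handle_is_static(idx)) return -1;
    return (long)((model_tim_handle *)registry[idx])->pulse;
}

int main(void) {
    model_pwm_start_stack(0, 1000, 500);   /* registers a stack address */
    model_pwm_start_static(1, 1000, 250);  /* registers a pool element */
    printf("slot0=%ld slot1=%ld slot2=%ld\n", model_isr(0), model_isr(1), model_isr(2));
    return 0;
}
```

The guard also rejects a slot that was never registered, which covers the uninitialized-handle case named in the same recommended action.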

Generated by OpenCVE AI on April 20, 2026 at 18:42 UTC.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Title Stack Use-After-Return in Arduino STM32 Core Library Causing Memory Corruption
Weaknesses CWE-416

Mon, 20 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-20T17:04:17.309Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26399

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-20T18:16:25.040

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-26399

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T18:45:14Z
