Description
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value.
Published: 2026-05-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenAMP v2025.10.0 contains an integer overflow in the ELF loader, where the loader multiplies two 16‑bit values from an ELF header without checking for overflow. When the product exceeds the 32‑bit limit on systems such as STM32MP1, Zynq, and i.MX, the value wraps around to a smaller number. This flaw can enable an attacker to craft a malicious firmware image that is parsed incorrectly, potentially leading to unintended behavior or execution of unauthorized code.

Affected Systems

OpenAMP v2025.10.0 on 32‑bit embedded platforms including STM32MP1, Zynq, and i.MX. The vulnerability affects the elf_loader component used for firmware image parsing.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. EPSS is not available, and the vulnerability is not listed in CISA KEV, but the lack of a published exploit does not diminish the risk. Exploitation requires the attacker to supply a crafted ELF file, so the likely attack vector is local or during firmware deployment. Once the malformed header is processed, integer overflow causes incorrect parsing which may be abused to execute arbitrary code or cause a denial of service.

Generated by OpenCVE AI on May 2, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenAMP to the latest release or apply the upstream fix that adds overflow checking to the 16‑bit multiplication in elf_loader.c.
  • If an immediate update is not feasible, validate ELF header values before parsing, ensuring that the product of the two 16‑bit fields does not exceed the 32‑bit limit or that the header values fall within expected ranges.
  • As a temporary workaround, replace or patch elf_loader.c to include an explicit overflow check that verifies the multiplication result before assignment.
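
The header validation recommended above, as an added example (not OpenAMP's code and not the upstream fix). The page does not name the two 16-bit fields, so a generic count/entry-size pair with a table offset is assumed; the function and parameter names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Added example, not taken from elf_loader.c.
 * Assumption: the two 16-bit header values are an entry count and an
 * entry size describing a table located at `offset` in the image.
 *
 * Returns true and stores the table size in *out_size only when
 *   - the entry size is at least what the parser will read per entry,
 *   - the product is computed without overflow, and
 *   - the whole table lies inside the image buffer.
 */
bool checked_table_size(uint16_t count, uint16_t entsize,
                        uint16_t min_entsize, uint32_t offset,
                        size_t image_len, uint32_t *out_size)
{
    /* Range check: an entry smaller than the structure the parser
     * reads would make every per-entry access run past the entry. */
    if (count == 0 || entsize < min_entsize)
        return false;

    /* Widen before multiplying. Plain `count * entsize` promotes both
     * uint16_t operands to signed int, and 0xFFFF * 0xFFFF does not
     * fit in a 32-bit int. */
    uint64_t size = (uint64_t)count * (uint64_t)entsize;
    if (size > UINT32_MAX)
        return false;

    /* Bounds check written as a subtraction so offset + size is never
     * formed and cannot wrap. */
    if ((uint64_t)offset > (uint64_t)image_len)
        return false;
    if (size > (uint64_t)image_len - (uint64_t)offset)
        return false;

    *out_size = (uint32_t)size;
    return true;
}
```

A loader would call this once per table before allocating or copying, and reject the image on a false return.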

Advisories

No advisories yet.

History

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Openamp
Openamp openamp
Vendors & Products Openamp
Openamp openamp

Sat, 02 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in OpenAMP ELF Loader on 32‑Bit Embedded Systems

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 01 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Fri, 01 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value.
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T17:44:59.342Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37540

Vulnrichment

Updated: 2026-05-01T17:44:55.336Z

NVD

Status: Awaiting Analysis

Published: 2026-05-01T17:16:23.933

Modified: 2026-05-07T15:53:49.717

Link: CVE-2026-37540

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T16:11:43Z

Weaknesses