Buffer Overflow in Zephyr Crypto Driver Affects ATAES132A Responses
CVE-2026-0849

3.8LOW

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 14 March 2026

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2026-0849?

The Zephyr crypto driver is vulnerable to a buffer overflow due to malformed ATAES132A responses that feature an oversized length field. This flaw allows an attacker, potentially either through a compromised device or via the bus, to manipulate the stack buffer, leading to corruption of kernel memory. Exploiting this vulnerability could enable an attacker to hijack the execution flow of the system.

Affected Version(s)

Zephyr * <= 4.3

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2026
Vulnerability Reserved
Jan 11, 2026

CVE-2026-0849 Data

JSON