Memory Domain Flaw in Zephyr by Zephyr Project
CVE-2026-10635

6.3MEDIUM

Key Information:

Vendor: Zephyrproject
Status: Zephyr
Vendor: CVE Published:; 16 June 2026

🔔 Create Zephyrproject Vulnerability Alert

What is CVE-2026-10635?

A memory domain vulnerability exists in Zephyr v4.4.0, where a dangling pointer in the xtensa_domain_list can lead to a denial of service or memory corruption. Upon de-initializing a memory domain, the link in the global list is not removed, allowing a freed pointer to remain accessible. This flaw can trigger a NULL pointer dereference during memory-mapping operations, leading to potential userspace isolation failure. Only privileged kernel code can exploit this path, making it critical for system security. The vulnerability was introduced with the memory-domain de-initialization feature and has been addressed in later updates.

Affected Version(s)

zephyr 4.4.0 < 4.5.0

References

https://github.com/zephyrproject-rtos/zephyr/commit/33d43...

patch

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2026-10635 Data

JSON