Unbounded Loop Vulnerability in Zephyr PL011 UART Driver Affecting Zephyr Project
CVE-2026-10642
What is CVE-2026-10642?
The Zephyr PL011 UART driver is susceptible to a denial of service due to an unbounded software loop in the pl011_irq_tx_enable() function. This issue propagates when the TX interrupt mask bit is set, causing the application callback to be invoked repeatedly while the UART's CTS line is de-asserted. When the CTS hardware flow control is engaged and the sending device fails to signal CTS, the UART controller stops draining the TX FIFO. As a result, the application experiences an endless loop, stall, and potential operational hang. An attacker can exploit this vulnerability by manipulating the CTS line, aiming to disrupt device availability. A fix is available which modifies loop behavior to allow transmission resumption when CTS is re-asserted.
Affected Version(s)
zephyr 4.1.0 < 4.5.0
