Unbounded Loop Vulnerability in Zephyr PL011 UART Driver Affecting Zephyr Project
CVE-2026-10642

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
24 June 2026

What is CVE-2026-10642?

The Zephyr PL011 UART driver is susceptible to a denial of service due to an unbounded software loop in the pl011_irq_tx_enable() function. This issue propagates when the TX interrupt mask bit is set, causing the application callback to be invoked repeatedly while the UART's CTS line is de-asserted. When the CTS hardware flow control is engaged and the sending device fails to signal CTS, the UART controller stops draining the TX FIFO. As a result, the application experiences an endless loop, stall, and potential operational hang. An attacker can exploit this vulnerability by manipulating the CTS line, aiming to disrupt device availability. A fix is available which modifies loop behavior to allow transmission resumption when CTS is re-asserted.

Affected Version(s)

zephyr 4.1.0 < 4.5.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.