Out-of-Bounds Write Vulnerability in Zephyr IP Socket Implementation
CVE-2026-10643

8.7 HIGH

Key Information:

CVE Published: 27 June 2026

What is CVE-2026-10643?

A flaw in Zephyr's IP socket recvmsg() implementation allows an out-of-bounds write because user-supplied ancillary (control message) buffer sizes are not adequately validated. The length check accounts only for the payload and not for the control message header, so a buffer that is large enough for the payload alone passes the check and the subsequent copy corrupts memory in the kernel heap. Because the flaw is triggerable by an unprivileged userspace thread, it can have severe implications for system stability and security.
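To make the defective check concrete, the following is an added illustration written for this page; it is not Zephyr's code, and the header layout, macro names and function names (struct cm_hdr, CM_SPACE, ancillary_fits_buggy, ancillary_fits_fixed, put_cmsg) are hypothetical stand-ins for the real cmsghdr machinery. It contrasts a payload-only size check with one that also accounts for the header and alignment padding, which is the class of mistake the advisory describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the control-message header that precedes every piece of
 * ancillary data (same role as struct cmsghdr; hypothetical layout). */
struct cm_hdr {
    size_t len;   /* total length: header + payload */
    int level;
    int type;
};

#define CM_ALIGN(n) (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))
#define CM_HDRLEN   CM_ALIGN(sizeof(struct cm_hdr))
#define CM_SPACE(p) (CM_HDRLEN + CM_ALIGN(p))

/* The defective pattern the advisory describes: the caller-supplied
 * control buffer length is compared against the payload alone, so a
 * buffer that holds the payload but not the header is accepted. */
bool ancillary_fits_buggy(size_t controllen, size_t payload_len)
{
    return controllen >= payload_len;
}

/* Corrected check: header, payload and alignment padding must all fit. */
bool ancillary_fits_fixed(size_t controllen, size_t payload_len)
{
    return controllen >= CM_SPACE(payload_len);
}

/* Write one control message into the caller's ancillary buffer using the
 * corrected check. Returns bytes written, or 0 if the buffer is too small,
 * so no byte is ever written beyond controllen. */
size_t put_cmsg(uint8_t *buf, size_t controllen, int level, int type,
                const void *payload, size_t payload_len)
{
    if (!ancillary_fits_fixed(controllen, payload_len)) {
        return 0;
    }
    struct cm_hdr hdr = { .len = CM_HDRLEN + payload_len,
                          .level = level, .type = type };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + CM_HDRLEN, payload, payload_len);
    return CM_SPACE(payload_len);
}
```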

Affected Version(s)

zephyr from 3.6.0 up to but not including 4.5.0

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
