Flaw in Zephyr's Dhara Flash Translation Layer Disk Driver
CVE-2026-10659

4.7MEDIUM

Key Information:

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-10659?

The Dhara flash translation layer disk driver fails to handle error reporting safely, allowing for potential denial of service due to a null pointer dereference during flash error handling. Specifically, if a flash read error occurs while journal-resuming or probing checkpoint pages, the driver may incorrectly write to a null pointer, leading to a kernel fault. This issue arises when the memory addresses of the NAND medium content are influenced by wear or induced faults. Mitigation involves routing all error assignments through a null-safe error handling function, preventing kernel crashes when issues are encountered.

Affected Version(s)

zephyr 4.4.0 < 4.5.0

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.