Flaw in Zephyr's Dhara Flash Translation Layer Disk Driver
CVE-2026-10659
4.7MEDIUM
What is CVE-2026-10659?
The Dhara flash translation layer disk driver fails to handle error reporting safely, allowing for potential denial of service due to a null pointer dereference during flash error handling. Specifically, if a flash read error occurs while journal-resuming or probing checkpoint pages, the driver may incorrectly write to a null pointer, leading to a kernel fault. This issue arises when the memory addresses of the NAND medium content are influenced by wear or induced faults. Mitigation involves routing all error assignments through a null-safe error handling function, preventing kernel crashes when issues are encountered.
Affected Version(s)
zephyr 4.4.0 < 4.5.0
