Out-of-Bounds Write Vulnerability in nRF70 Wi-Fi Driver by Nordic Semiconductor
CVE-2026-10664

5MEDIUM

Key Information:

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-10664?

The nRF70 Wi-Fi driver's event handler contains a flaw that allows for an out-of-bounds write when copying Target Wake Time (TWT) flow entries into a fixed-size array. This vulnerability occurs due to insufficient validation of the number of TWT flows received, which can lead to overwriting memory beyond the allocated space. An attacker with the capability to send malformed events could exploit this issue to corrupt memory and potentially execute arbitrary code.

Affected Version(s)

zephyr 4.4.0 < 4.5.0

References

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.