Out-of-Bounds Write Vulnerability in nRF70 Wi-Fi Driver by Nordic Semiconductor
CVE-2026-10664
5MEDIUM
What is CVE-2026-10664?
The nRF70 Wi-Fi driver's event handler contains a flaw that allows for an out-of-bounds write when copying Target Wake Time (TWT) flow entries into a fixed-size array. This vulnerability occurs due to insufficient validation of the number of TWT flows received, which can lead to overwriting memory beyond the allocated space. An attacker with the capability to send malformed events could exploit this issue to corrupt memory and potentially execute arbitrary code.
Affected Version(s)
zephyr 4.4.0 < 4.5.0
