Memory Access Vulnerability in Xtensa SoCs by Vendor Zephyr Project
CVE-2026-10669
What is CVE-2026-10669?
A buffer validation flaw exists in Xtensa SoCs designed with CONFIG_XTENSA_MPU and CONFIG_USERSPACE. The arch_buffer_validate function incorrectly handles the return value, defaulting to permitted access without adequate checks in specific cases. In scenarios where the buffer size and alignment approach the maximum addressable space, the validation loop may not probe any MPU region, allowing unprivileged user-mode threads to exploit this misconfiguration. This vulnerability can lead to unauthorized memory access, revealing sensitive data, causing memory corruption, privilege escalation, and potentially resulting in denial of service. A fix has been implemented to deny access by default and introduced rigorous checks to ensure proper buffer validation.
Affected Version(s)
zephyr 3.7.0 < 4.5.0
