Memory Access Vulnerability in Xtensa SoCs by Vendor Zephyr Project
CVE-2026-10669

7.8HIGH

Key Information:

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-10669?

A buffer validation flaw exists in Xtensa SoCs designed with CONFIG_XTENSA_MPU and CONFIG_USERSPACE. The arch_buffer_validate function incorrectly handles the return value, defaulting to permitted access without adequate checks in specific cases. In scenarios where the buffer size and alignment approach the maximum addressable space, the validation loop may not probe any MPU region, allowing unprivileged user-mode threads to exploit this misconfiguration. This vulnerability can lead to unauthorized memory access, revealing sensitive data, causing memory corruption, privilege escalation, and potentially resulting in denial of service. A fix has been implemented to deny access by default and introduced rigorous checks to ensure proper buffer validation.

Affected Version(s)

zephyr 3.7.0 < 4.5.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.