Out-of-Bounds Write Vulnerability in Zephyr ADIN2111 Ethernet Driver
CVE-2026-10673
8.3HIGH
What is CVE-2026-10673?
The vulnerability in the Zephyr ADIN2111/ADIN1110 Ethernet driver arises from improper handling of received Ethernet frame data, allowing attackers to exploit a buffer overflow. Specifically, the driver reassembles data chunks into a fixed buffer without adequate bounds checks, leading to potential memory corruption and denial of service or code execution. This issue can be targeted remotely or adjacently, posing a significant risk to systems utilizing affected versions of the driver. A patch has been implemented in the recent commits ensuring that oversized frames are correctly identified and handled.
Affected Version(s)
zephyr 3.7.0 < 4.5.0
