Kernel Memory Corruption in Eswifi Socket Offload Driver by Zephyr Project
CVE-2026-1679

7.3HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 27 March 2026

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2026-1679?

The eswifi socket offload driver presents a security vulnerability due to its mishandling of user-provided payloads. When payloads are copied into a fixed buffer, the driver does not adequately verify the available space, leading to potential buffer overflow issues that can corrupt kernel memory. This vulnerability requires local code execution that can invoke the socket send API, thus limiting remote exploit possibilities.

Affected Version(s)

Zephyr * <= 4.3

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Jan 30, 2026

CVE-2026-1679 Data

JSON