CVE-2026-0849
Stack Buffer Overflow in Zephyr ATAES132A Driver Enables Kernel Memory Corruption
Publication date: 2026-03-16
Last updated on: 2026-04-02
Assigner: Zephyr Project
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | 4.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0849 is a stack-based buffer overflow vulnerability in the Zephyr RTOS crypto driver for the ATAES132A device.
The flaw occurs because the function `ataes132a_send_command` copies data from a device response into a fixed-size 52-byte stack buffer without properly checking if the response size exceeds the buffer size.
A malformed ATAES132A response with an oversized length field (up to 64 bytes) can overflow this 52-byte buffer, overwriting adjacent kernel memory.
An attacker who controls the ATAES132A device or has access to the I²C bus can exploit this by sending a forged response packet with a valid CRC but an inflated length field, causing kernel memory corruption.
This can lead to denial of service or potentially allow the attacker to hijack kernel-level code execution.
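The missing check described above, as an added example (not the Zephyr driver's code): a bounded copy that rejects a response whose declared length exceeds the 52-byte destination. The helper name `copy_response_checked`, its error codes, and the framing (byte 0 is a count covering the whole packet) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_BUF_SIZE 52 /* stack buffer size given in the text above */
#define MAX_WIRE_LEN  64 /* largest response length the text says can arrive */

/*
 * Hypothetical helper (not the Zephyr driver's code). Assumed framing: byte 0
 * of the response is a count covering the whole packet. The count is
 * device-controlled, and a valid CRC says nothing about whether it fits the
 * destination, so it is checked against both buffers before any copy.
 */
int copy_response_checked(uint8_t *dst, size_t dst_size,
                          const uint8_t *wire, size_t wire_avail)
{
    if (dst == NULL || wire == NULL || wire_avail < 1) return -EINVAL;
    size_t declared = wire[0];
    /* Count claims more bytes than were actually read from the bus. */
    if (declared < 1 || declared > wire_avail) return -EBADMSG;
    /* Copying without this comparison is the CWE-120 overflow. */
    if (declared > dst_size) return -ENOBUFS;
    memcpy(dst, wire, declared);
    return (int)declared;
}

/* Constructed sample: a 64-byte response aimed at the 52-byte buffer. */
int demo_oversized(void)
{
    uint8_t resp[RESP_BUF_SIZE];
    uint8_t forged[MAX_WIRE_LEN] = {0};
    forged[0] = MAX_WIRE_LEN;
    return copy_response_checked(resp, sizeof(resp), forged, sizeof(forged));
}

/* Constructed sample: a 4-byte response that fits. */
int demo_valid(void)
{
    uint8_t resp[RESP_BUF_SIZE];
    const uint8_t ok[4] = {4, 0x00, 0xAA, 0xBB};
    return copy_response_checked(resp, sizeof(resp), ok, sizeof(ok));
}

int main(void)
{
    printf("oversized=%d valid=%d\n", demo_oversized(), demo_valid());
    return 0;
}
```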
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with physical access to the ATAES132A device or the I²C bus to corrupt kernel memory.
Such corruption can cause denial of service by crashing the system or potentially enable the attacker to execute arbitrary code at the kernel level.
Because the attack requires physical access and has high complexity, the risk is somewhat limited but still significant for devices using the affected Zephyr versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for stack-buffer-overflow errors related to the ATAES132A crypto driver in Zephyr RTOS. A proof-of-concept exploit uses an AddressSanitizer (ASAN) harness to demonstrate the overflow by copying a forged 64-byte response into a 52-byte buffer, triggering a stack-buffer-overflow error.
To detect this on your system, you can run the Zephyr RTOS with AddressSanitizer enabled and observe logs for stack-buffer-overflow errors when the ATAES132A device responds. Specific commands would depend on your build and debugging environment, but generally involve enabling ASAN instrumentation and running tests that interact with the ATAES132A device.
No explicit commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical and I²C bus access to trusted devices only, as the vulnerability requires a compromised ATAES132A device or bus attacker to exploit.
Since no patches are available at the time of the advisory, avoid using vulnerable Zephyr versions (4.3.x) in sensitive environments or disable the ATAES132A crypto driver if possible.
Monitor for updates or patches from the Zephyr project and apply them as soon as they become available.