CVE-2026-0849
Awaiting Analysis Awaiting Analysis - Queue
Stack Buffer Overflow in Zephyr ATAES132A Driver Enables Kernel Memory Corruption

Publication date: 2026-03-16

Last updated on: 2026-04-02

Assigner: Zephyr Project

Description
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0849
EUVD
EUVD-2026-12186
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
zephyrproject zephyr 4.3.0
zephyrproject zephyr 4.3.0
zephyrproject zephyr 4.3.0
zephyrproject zephyr 4.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0849 is a stack-based buffer overflow vulnerability in the Zephyr RTOS crypto driver for the ATAES132A device.

The flaw occurs because the function `ataes132a_send_command` copies data from a device response into a fixed-size 52-byte stack buffer without properly checking if the response size exceeds the buffer size.

A malformed ATAES132A response with an oversized length field (up to 64 bytes) can overflow this 52-byte buffer, overwriting adjacent kernel memory.

An attacker who controls the ATAES132A device or has access to the IΒ²C bus can exploit this by sending a forged response packet with a valid CRC but an inflated length field, causing kernel memory corruption.

This can lead to denial of service or potentially allow the attacker to hijack kernel-level code execution.

Impact Analysis

This vulnerability can impact you by allowing an attacker with physical access to the ATAES132A device or the IΒ²C bus to corrupt kernel memory.

Such corruption can cause denial of service by crashing the system or potentially enable the attacker to execute arbitrary code at the kernel level.

Because the attack requires physical access and has high complexity, the risk is somewhat limited but still significant for devices using the affected Zephyr versions.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for stack-buffer-overflow errors related to the ATAES132A crypto driver in Zephyr RTOS. A proof-of-concept exploit uses an AddressSanitizer (ASAN) harness to demonstrate the overflow by copying a forged 64-byte response into a 52-byte buffer, triggering a stack-buffer-overflow error.

To detect this on your system, you can run the Zephyr RTOS with AddressSanitizer enabled and observe logs for stack-buffer-overflow errors when the ATAES132A device responds. Specific commands would depend on your build and debugging environment, but generally involve enabling ASAN instrumentation and running tests that interact with the ATAES132A device.

No explicit commands are provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting physical and IΒ²C bus access to trusted devices only, as the vulnerability requires a compromised ATAES132A device or bus attacker to exploit.

Since no patches are available at the time of the advisory, avoid using vulnerable Zephyr versions (4.3.x) in sensitive environments or disable the ATAES132A crypto driver if possible.

Monitor for updates or patches from the Zephyr project and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart