CVE-2026-4179
Infinite Loop Vulnerability in STM32 USB Device Driver
Publication date: 2026-03-16
Last updated on: 2026-04-02
Assigner: Zephyr Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | to 4.3.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4179 is a moderate severity vulnerability in the Zephyr RTOS affecting the STM32 USB device driver, specifically in the usb_dc_stm32.c file.
The issue occurs in the usb_write function, which tries to write data to a USB endpoint. If the write returns a -EAGAIN error, the function calls k_yield() to yield the processor and retry. However, this retry loop can be executed from within an interrupt handler context.
Calling k_yield() from an interrupt service routine (ISR) violates an assertion that k_yield() must not be called from ISR context. This causes an infinite loop inside the interrupt handler, leading to the system hanging.
This vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition) because the loop in usb_write can become infinite due to improper use of k_yield() in ISR context.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'An attacker with local access and low privileges can trigger this vulnerability without any user interaction.'}, {'type': 'paragraph', 'content': 'Triggering the vulnerability causes an infinite loop inside the USB interrupt handler, which results in the system hanging and a denial of service condition.'}, {'type': 'paragraph', 'content': "The availability impact is high, meaning the system's USB functionality and possibly overall operation can be halted due to this vulnerability."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes an infinite loop within the USB interrupt handler in the STM32 USB device driver, leading to the system hanging or USB interrupt processing halting.
Detection can focus on monitoring the system for symptoms such as USB device unresponsiveness or system hangs related to USB activity.
Since the issue occurs locally and involves the USB device driver, network detection is not applicable.
Specific commands to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding triggering the USB write retry loop from within an interrupt context.
Since no patched versions are available at the time of the advisory, users should monitor the Zephyr project repository for the referenced patch (pull request #104390) and apply it once released.
In the meantime, limiting local access to the device and avoiding operations that cause USB endpoint writes from interrupt handlers can reduce the risk of triggering the infinite loop.