CVE-2026-40337
Received Received - Intake
Privilege Escalation and DoS via IRQ Interaction in Sentry Kernel

Publication date: 2026-04-18

Last updated on: 2026-04-18

Assigner: GitHub, Inc.

Description
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-18
Last Modified
2026-04-18
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-40337
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
camelot_os sentry_kernel 0.4.7
camelot_os sentry_kernel to 0.4.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-283 The product does not properly verify that a critical resource is owned by the proper entity.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the Sentry kernel, a high security micro-kernel used in embedded systems. Specifically, tasks that have DEV or IO capabilities can interact with another task's IRQ line through the __sys_int_* syscall family. Before version 0.4.7, this interaction could lead to denial of service (DoS) attacks and covert channels between the task and the outside world.

Impact Analysis

This vulnerability can impact you by allowing a task with DEV or IO capabilities to cause denial of service (DoS) conditions within the system. Additionally, it can create covert channels that may leak information between the affected task and external entities, potentially compromising system security.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Sentry kernel to version 0.4.7 or later where the patch is applied.

As a workaround before upgrading, reduce the number of tasks that have the DEV and IO capability to a single one to limit the risk of DoS and covert channels.

Compliance Impact

The vulnerability allows a task with DEV or IO capability to interact with another task's IRQ line, potentially leading to denial of service (DoS) and covert channels. This could impact the integrity and availability of the system.

However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40337. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart