CVE-2026-1681
Stack Overflow in Zephyr RTOS via ICMP Ping
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: Zephyr Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | to 4.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1681 is a stack overflow vulnerability in the Zephyr RTOS that occurs when a ping command is issued to the device's own IPv4 address using the net shell command (e.g., `net ping 10.42.0.2`).
The vulnerability happens because the network stack recursively re-enters the input path on the same system work-queue stack when processing both the echo request and the echo reply inline. This recursive processing causes the stack frames to nest excessively, exceeding the allocated stack size and triggering a stack overflow.
When the stack overflow occurs, the Memory Protection Unit (MPU) detects the overwrite, which leads to a bus fault and causes the system to halt.
This issue is classified as CWE-674 (Uncontrolled Recursion) and has a CVSS score of 6.1, indicating a moderate severity.
How can this vulnerability impact me? :
This vulnerability impacts the availability and integrity of the affected system.
Specifically, the stack overflow caused by recursive processing leads to a bus fault and system halt, which means the device can crash or become unresponsive.
An attacker with local access and the ability to trigger the ping command can cause a denial of service by making the system stop functioning properly.
The vulnerability does not impact confidentiality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by issuing a ping command to the device's own IPv4 address using the net shell command.
- Use the command `net ping <device_own_IP>` (e.g., `net ping 10.42.0.2`).
If the system experiences a stack overflow, it will trigger a bus fault and cause the system to halt, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the patch proposed in PR #102268 for Zephyr RTOS versions up to 4.3.
Avoid issuing ping commands to the device's own IP address until the patch is applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability impacts the availability and integrity of the affected system but does not affect confidentiality.
Since it does not compromise confidentiality or expose personal data, it is unlikely to directly violate data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal data privacy and confidentiality.
However, the availability and integrity impact could indirectly affect compliance if the affected system is critical for maintaining regulatory controls or service continuity.