CVE-2026-37540
Analyzed Analyzed - Analysis Complete
Integer Overflow in OpenAMP ELF Loader

Publication date: 2026-05-01

Last updated on: 2026-05-29

Assigner: MITRE

Description
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-29
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-37540
EUVD
EUVD-2026-26693
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linaro openamp 2025.10.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenAMP v2025.10.0 within its ELF loader component. It is caused by an integer overflow during firmware image parsing. Specifically, in the elf_loader.c file, the code multiplies two 16-bit values from the ELF header that are controlled by an attacker without checking for overflow. On 32-bit embedded systems such as STM32MP1, Zynq, and i.MX, if these values are large, their product can wrap around to a smaller value, leading to incorrect behavior.

Impact Analysis

The integer overflow can lead to serious security impacts on affected embedded systems. According to the CVSS v3.1 score of 8.4, this vulnerability allows an attacker with local access to cause high impact on confidentiality, integrity, and availability. This means an attacker could potentially execute arbitrary code, corrupt firmware, or cause denial of service on the device.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves improper handling of ELF file parsing in the OpenAMP ELF loader, specifically due to integer overflow when processing attacker-controlled 16-bit values in the ELF header.

To detect this vulnerability on your system, you should monitor for crashes or abnormal behavior in applications using the OpenAMP library, especially when processing ELF firmware images.

Since the vulnerability is triggered by malicious ELF files, you can attempt to identify suspicious ELF files by inspecting ELF headers for unusually large 16-bit values that could cause overflow.

Commands to inspect ELF files include using standard Linux tools such as:

  • readelf -h <file> # To display ELF header information
  • readelf -l <file> # To display program headers
  • objdump -h <file> # To display section headers

You can script checks to flag ELF files with suspiciously large 16-bit values in header fields that could trigger the integer overflow.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid processing untrusted or unauthenticated ELF firmware images with the vulnerable OpenAMP version (v2025.10.0).
  • Apply input validation or filtering on ELF files before they are parsed by the OpenAMP ELF loader to prevent maliciously crafted files from triggering the overflow.
  • Monitor for updates or patches from the OpenAMP project addressing this vulnerability and apply them as soon as they become available.
  • If possible, restrict access to the systems or components that use OpenAMP to trusted users and networks to reduce the risk of exploitation.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37540. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart