CVE-2026-37540
Awaiting Analysis
Integer Overflow in OpenAMP ELF Loader

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: MITRE

Description
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value.
Meta Information
Published: 2026-05-01
Last Modified: 2026-05-07
Generated: 2026-05-27
AI Q&A: 2026-05-01
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
openamp | openamp | 2025.10.0
CWE ID | Description
CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in OpenAMP v2025.10.0 within its ELF loader component. It is caused by an integer overflow during firmware image parsing. Specifically, in the elf_loader.c file, the code multiplies two 16-bit values from the ELF header that are controlled by an attacker without checking for overflow. On 32-bit embedded systems such as STM32MP1, Zynq, and i.MX, if these values are large, their product can wrap around to a smaller value, leading to incorrect behavior.


How can this vulnerability impact me?

The integer overflow can lead to serious security impacts on affected embedded systems. According to the CVSS v3.1 score of 8.4, this vulnerability allows an attacker with local access to cause high impact on confidentiality, integrity, and availability. This means an attacker could potentially execute arbitrary code, corrupt firmware, or cause denial of service on the device.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves improper handling of ELF file parsing in the OpenAMP ELF loader, specifically due to integer overflow when processing attacker-controlled 16-bit values in the ELF header.

To detect this vulnerability on your system, you should monitor for crashes or abnormal behavior in applications using the OpenAMP library, especially when processing ELF firmware images.

Since the vulnerability is triggered by malicious ELF files, you can attempt to identify suspicious ELF files by inspecting ELF headers for unusually large 16-bit values that could cause overflow.

Commands to inspect ELF files include using standard Linux tools such as:

  • readelf -h <file> # To display ELF header information
  • readelf -l <file> # To display program headers
  • objdump -h <file> # To display section headers

You can script checks to flag ELF files with suspiciously large 16-bit values in header fields that could trigger the integer overflow.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Avoid processing untrusted or unauthenticated ELF firmware images with the vulnerable OpenAMP version (v2025.10.0).
  • Apply input validation or filtering on ELF files before they are parsed by the OpenAMP ELF loader to prevent maliciously crafted files from triggering the overflow.
  • Monitor for updates or patches from the OpenAMP project addressing this vulnerability and apply them as soon as they become available.
  • If possible, restrict access to the systems or components that use OpenAMP to trusted users and networks to reduce the risk of exploitation.
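
The header check suggested in the detection and mitigation answers above can run before an image ever reaches the loader. The C routine below is an added example, not OpenAMP code or a project patch; it assumes a little-endian ELF32 image and that the multiplied 16-bit fields are the entry-size/count pairs (e_phentsize/e_phnum and e_shentsize/e_shnum), which the advisory does not name. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: pre-parse sanity check for a little-endian ELF32 image.
 * Assumption: the multiplied 16-bit fields are the entry-size/count pairs
 * (e_phentsize*e_phnum, e_shentsize*e_shnum); the advisory does not name them. */
enum { ELF_OK = 0, ELF_BAD_HEADER = -1, ELF_BAD_PHDR_TABLE = -2, ELF_BAD_SHDR_TABLE = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns nonzero if a table of `num` entries of `entsize` bytes at `off`
 * lies inside an image of `len` bytes. The product is formed in 64 bits,
 * so it cannot wrap regardless of the target's native word size. */
static int table_fits(uint32_t off, uint16_t entsize, uint16_t num,
                      uint16_t min_entsize, size_t len)
{
    if (num == 0)
        return 1;                       /* no table to read */
    if (entsize < min_entsize)
        return 0;                       /* smaller than the ELF32 entry struct */
    uint64_t total = (uint64_t)entsize * num;
    return (uint64_t)off + total <= (uint64_t)len;
}

int elf32_check_tables(const uint8_t *img, size_t len)
{
    static const uint8_t magic[4] = { 0x7f, 'E', 'L', 'F' };
    if (len < 52 || memcmp(img, magic, 4) != 0 || img[4] != 1 || img[5] != 1)
        return ELF_BAD_HEADER;          /* not ELFCLASS32 / ELFDATA2LSB */
    if (!table_fits(rd32(img + 28), rd16(img + 42), rd16(img + 44), 32, len))
        return ELF_BAD_PHDR_TABLE;      /* e_phoff, e_phentsize, e_phnum */
    if (!table_fits(rd32(img + 32), rd16(img + 46), rd16(img + 48), 40, len))
        return ELF_BAD_SHDR_TABLE;      /* e_shoff, e_shentsize, e_shnum */
    return ELF_OK;
}

/* Constructed sample: 52-byte header plus 64 zero bytes, program table at 52. */
int check_sample(uint16_t phentsize, uint16_t phnum)
{
    uint8_t img[52 + 64] = { 0x7f, 'E', 'L', 'F', 1, 1, 1 };
    img[28] = 52;                       /* e_phoff: directly after the header */
    img[42] = (uint8_t)phentsize; img[43] = (uint8_t)(phentsize >> 8);
    img[44] = (uint8_t)phnum;     img[45] = (uint8_t)(phnum >> 8);
    return elf32_check_tables(img, sizeof img);
}
```

A nonzero return means the declared table does not fit inside the supplied image, so the file should be rejected before it is passed to the loader.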
