CVE-2026-5072
Bitwise Shift Vulnerability in Zephyr RTOS PTP Subsystem
Publication date: 2026-05-22
Last updated on: 2026-05-22
Assigner: Zephyr Project
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | up to and including 4.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to a Denial of Service (DoS) condition by causing the system to crash or enter resource starvation loops. Since the vulnerability affects system availability, an attacker can disrupt the normal operation of devices running the Zephyr RTOS by sending crafted PTP messages.
The attack requires no privileges or user interaction and can be executed from an adjacent network, making it relatively easy for an attacker to exploit.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-5072 is a vulnerability in the Zephyr RTOS Precision Time Protocol (PTP) subsystem caused by improper handling of a bitwise shift operation. A remote attacker can send a specially crafted PTP management message containing a large negative value for log_announce_interval. This negative value is not validated and is used in a bitwise shift operation that exceeds the 64-bit integer width, leading to undefined behavior in C.
This undefined behavior can cause the system to crash due to illegal instruction traps on some architectures or produce incorrect timeout values such as zero, which may lead to resource starvation loops or other logical errors.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for crafted PTP_MSG_MANAGEMENT or Delay Response packets containing unusually large or negative log_announce_interval values. Since the attack involves sending malformed PTP messages with invalid negative intervals, inspecting PTP packets for such anomalies is key.
Specific commands are not provided in the available resources, but network packet capture tools like tcpdump or Wireshark can be used to capture and analyze PTP traffic. For example, using tcpdump to filter PTP packets and then inspecting the log_announce_interval field for invalid values could help detect attempts to exploit this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying patches provided by the Zephyr project that validate the log_announce_interval and log_min_delay_req_interval values against PTP specification limits upon receipt. This prevents the processing of maliciously crafted negative values that trigger the vulnerability.
Additionally, restricting or filtering PTP traffic from untrusted or adjacent networks can reduce exposure, as the attack vector is adjacent and requires no privileges or user interaction.
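The range check described in the mitigation above, next to the unvalidated shift it guards against, as an added example that is not Zephyr's code or its patch. The function names, the conversion to nanoseconds and the bounds of -7 to 7 are assumptions made for illustration; the real limits come from the PTP specification and profile in use.

```c
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC_U64 1000000000ULL

/* Assumed bounds, for illustration only: take the real limits from the
 * PTP specification and the profile the device runs. */
#define LOG_INTERVAL_MIN (-7)
#define LOG_INTERVAL_MAX 7

/* Unvalidated pattern (constructed, not Zephyr source): the wire value
 * becomes a shift count. For -128 the count is 128, wider than uint64_t,
 * which is undefined behaviour in C. Shown for contrast, never called. */
uint64_t interval_ns_unchecked(int8_t log_interval)
{
	return log_interval >= 0 ? NSEC_PER_SEC_U64 << log_interval
				 : NSEC_PER_SEC_U64 >> -log_interval;
}

/* Validated form: returns 0 and stores 2^log_interval seconds (in ns) in
 * *out, or -1 when the value is out of range so the caller can drop the
 * message before any timer is armed. */
int interval_ns_checked(int8_t log_interval, uint64_t *out)
{
	if (log_interval < LOG_INTERVAL_MIN || log_interval > LOG_INTERVAL_MAX) {
		return -1;
	}
	*out = log_interval >= 0 ? NSEC_PER_SEC_U64 << log_interval
				 : NSEC_PER_SEC_U64 >> -log_interval;
	return 0;
}

int main(void)
{
	/* Constructed sample field values, as they might arrive on the wire. */
	const int8_t samples[] = { -128, -8, -7, 0, 4, 7, 127 };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint64_t ns = 0;

		if (interval_ns_checked(samples[i], &ns) == 0) {
			printf("%4d accepted, interval %llu ns\n", samples[i],
			       (unsigned long long)ns);
		} else {
			printf("%4d rejected\n", samples[i]);
		}
	}
	return 0;
}
```

Rejecting at receipt, before the value reaches any timer arithmetic, also rules out the zero-timeout case the explanation mentions, because every accepted value yields a non-zero interval.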