CVE-2026-14629
Received Received - Intake

Divide by Zero in RT-Thread Parameter Handler

Vulnerability report for CVE-2026-14629, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulDB

Description

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-04
Last Modified
2026-07-04
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rt-thread rt-thread to 5.2.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in RT-Thread up to version 5.2.2, specifically in the read/write/sys_ioctl functions of the Parameter Handler component. The issue arises because the sys_ioctl function forwards user-controlled pointers directly to kernel-side ioctl calls without proper validation or copying. This allows an attacker to pass invalid or malicious pointers, potentially causing kernel crashes.

On certain hardware like the imx6ull-smart UART, if an attacker sets the baud_rate field to zero in a serial configuration structure, it can trigger a divide-by-zero error during UART configuration, leading to a crash.

The vulnerability can be exploited remotely and the exploit code has been published. A fix is pending acceptance that involves validating and copying ioctl payloads before processing and rejecting invalid configurations early.

Impact Analysis

This vulnerability can lead to system instability or crashes due to kernel panics caused by invalid pointer dereferences or divide-by-zero errors. An attacker with access to a serial device node could exploit this to cause denial of service by crashing the system.

Because the issue involves unchecked user pointers reaching kernel code, it may also allow attackers to cause invalid configurations or unexpected behavior in serial device drivers.

Detection Guidance

This vulnerability involves manipulation of ioctl calls on serial device nodes in RT-Thread, potentially causing kernel crashes due to unchecked user pointers and invalid baud_rate values.

Detection can focus on monitoring unusual or malformed ioctl calls to serial devices, especially those that attempt to set baud_rate to zero or pass invalid pointers.

Since the vulnerability is triggered by user-space processes passing unchecked pointers to kernel ioctl handlers, commands that monitor or log ioctl usage on serial devices may help detect exploitation attempts.

  • Use system call tracing tools like strace or similar to monitor ioctl calls on serial device files (e.g., /dev/ttyS*). Example: strace -e ioctl -p <pid> or strace -e ioctl -f -p <pid> to follow forks.
  • Check kernel logs (dmesg) for crashes or divide-by-zero errors related to serial device configuration.
  • Audit serial device ioctl usage with auditd rules to log suspicious ioctl commands or invalid parameter usage.

Specific commands depend on your environment and tools available, but monitoring ioctl calls and kernel logs related to serial devices is key.

Mitigation Strategies

Immediate mitigation steps focus on preventing exploitation of the unchecked user pointer and invalid baud_rate values in serial ioctl handling.

  • Restrict access to serial device nodes (/dev/ttyS* or equivalent) to trusted users only, minimizing the risk of unprivileged users triggering the vulnerability.
  • Monitor and audit ioctl calls on serial devices to detect and block suspicious activity.
  • Apply the patch from the official pull request that hardens user-pointer management, validates baud_rate values, and rejects invalid serial configurations once it is accepted and available.

Until the patch is applied, avoid running untrusted code that can access serial devices and consider disabling or limiting serial device usage if feasible.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14629. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart