Vulnerabilidades en zephyrproject
8 resultadosCVE-2026-10638MEDIUMUse-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or errorEPSS 0.3%CVE-2026-10636LOWUse-after-free in Zephyr IPv4 IGMP send path (igmp_send)EPSS 0.3%CVE-2026-10639MEDIUMUse-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`EPSS 0.2%CVE-2026-10637MEDIUMUse-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD QueryEPSS 0.2%CVE-2026-10641HIGHOut-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)EPSS 0.2%CVE-2026-10635MEDIUMDangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-initEPSS 0.2%CVE-2026-10634MEDIUMUse-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callbackEPSS 0.2%CVE-2026-10640MEDIUMUse-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)EPSS 0.1%