CVE-2026-10667

zephyrproject · zephyr

A use-after-free vulnerability in the Zephyr RTOS kernel-object tracking mechanism could allow unauthorized operations.

Executive summary

A high-severity use-after-free vulnerability exists in the Zephyr RTOS kernel, potentially allowing a local attacker to trigger memory corruption or unauthorized system actions.

Vulnerability

The vulnerability is a use-after-free (CWE-416) condition found within the dynamic kernel-object tracking logic, which can be triggered by a local attacker to manipulate kernel-space memory.

Business impact

With a CVSS score of 7.8, this vulnerability poses a critical risk to systems running the Zephyr RTOS. Successful exploitation could lead to system crashes (DoS) or the potential for privilege escalation, compromising the reliability of embedded or IoT devices.

Remediation

Immediate Action: Review the Zephyr project security advisories and apply the latest kernel updates provided by the project to ensure the fix is implemented.

Proactive Monitoring: Monitor device stability and kernel logs for memory-related errors or unexpected reboots that may indicate exploitation attempts.

Compensating Controls: Implement memory protection features and kernel hardening where supported by the specific hardware platform to limit the impact of memory corruption.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given the critical nature of RTOS kernel vulnerabilities, it is imperative that all developers and administrators running versions of Zephyr prior to 4.5.0 update their codebase immediately. Refer to the official GitHub advisory for specific commit-level remediation details.