CVE-2026-1679

HIGH EPSS 11.9%

Published Mar 28, 20263mo ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Mar 28, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

11.9% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

Weaknesses 1

CWE-120

Affected Products 1

Vendor	Product	Version	Range
zephyrproject	zephyr	*	≤4.3.0

References 1

github.com https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qx3g-5g22-fq5w

ExploitPatchVendor Advisory

Remediation

github.com https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qx3g-5g22-fq5w

ExploitPatchVendor Advisory