CVE-2026-0849 LOW

CVE-2026-0849: crypto: ATAES132A response length allows stack buffer overflow

Vendor Zephyrproject-Rtos
Product Zephyr
Weakness CWE-120
Published March 14, 2026
Last update March 17, 2026

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

Key dates

02Disclosure timeline

March 14, 2026 CVE published
March 17, 2026 Record updated