CVE-2026-5590 MEDIUM

CVE-2026-5590: net: ip/tcp: Null pointer dereference can be triggered by a race condition

Vendor Zephyrproject-Rtos
Product Zephyr
Weakness CWE-476
Published April 5, 2026
Last update April 6, 2026

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash.

Key dates

02 Disclosure timeline

April 5, 2026 CVE published
April 6, 2026 Record updated