CVE-2026-0849 PUBLISHED

crypto: ATAES132A response length allows stack buffer overflow

Assigner: zephyr
Reserved: 11.01.2026 Published: 14.03.2026 Updated: 14.03.2026

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 3.8

Attack Vector	Physical	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	zephyrproject-rtos
Product	Zephyr
Versions	Default: unaffected affected from * to 4.3 (incl.)

References

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-ff4p-3ggg-prp6

Problem Types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE