CVE-2026-1679

HIGH7.3/ 10.0
Share:
Published: March 28, 2026 at 12:16 AM
Modified: March 31, 2026 at 08:35 PM
Source: vulnerabilities@zephyrproject.org

Vulnerability Description

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.

CVSS Metrics

Base Score
7.3
Severity
HIGH
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Weaknesses (CWE)

CWE-120
Source: vulnerabilities@zephyrproject.org

References & Intelligence

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qx3g-5g22-fq5w
Source: vulnerabilities@zephyrproject.org
ExploitPatchVendor Advisory

Related Resources

Browse CVE Database
Search 294,000+ vulnerabilities
CVEs from 2026
View all vulnerabilities this year
CWE Database
Explore weakness categories
Security Writeups
Learn from real-world examples
About 4nuxd
Cybersecurity research & tools
Homepage
Explore more security resources