Sentry kernel: Tasks can crash or leak data to other tasks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.1

Sentry kernel: Tasks can crash or leak data to other tasks

CVE-2026-40337

Summary

A bug in Sentry kernel versions before 0.4.7 allows a task with certain capabilities to talk to other tasks or crash the system. This could lead to denial of service or unauthorized data transfer. Update to version 0.4.7 or merge tasks with DEV and IO capabilities to a single task.

Original title

Original description

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one.

nvd CVSS3.1 5.1

Vulnerability type

CWE-283

Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026