eswifi Driver Allows Malicious Data to Overwrite Kernel Memory

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.3

eswifi Driver Allows Malicious Data to Overwrite Kernel Memory

CVE-2026-1679

Summary

A security issue in the eswifi driver can be exploited by local attackers who can send oversized data to the socket, potentially causing the system to crash or behave unexpectedly. This issue affects systems with the eswifi driver installed and requires a local attacker to have access to the system. To mitigate this issue, update the eswifi driver to the latest version.

Original title

Original description

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can reach it directly.

nvd CVSS3.1 7.3

Vulnerability type

CWE-120 Classic Buffer Overflow

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qx3g-5g22-...

Published: 28 Mar 2026 · Updated: 28 Mar 2026 · First seen: 28 Mar 2026