CVE-2026-5072: Vulnerability in zephyrproject-rtos Zephyr
A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors.
AI Analysis
Technical Summary
This vulnerability involves improper validation of the log_announce_interval parameter in Zephyr's Precision Time Protocol (PTP) subsystem. An attacker can send a malicious PTP_MSG_MANAGEMENT message to set a negative value for log_announce_interval. Later, when a PTP_MSG_ANNOUNCE message is processed, the system performs a right bitwise shift by this negative value, exceeding the 64-bit integer width and causing undefined behavior in C. This can result in system crashes due to illegal instruction traps on some architectures or cause erroneous zero timeouts leading to resource starvation or other logical errors.
Potential Impact
The impact includes potential system crashes via illegal instruction traps and logical errors such as resource starvation loops. These effects can disrupt normal operation of devices running the affected Zephyr RTOS versions. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting or validating PTP message inputs if possible to prevent exploitation of this vulnerability.
CVE-2026-5072: Vulnerability in zephyrproject-rtos Zephyr
Description
A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper validation of the log_announce_interval parameter in Zephyr's Precision Time Protocol (PTP) subsystem. An attacker can send a malicious PTP_MSG_MANAGEMENT message to set a negative value for log_announce_interval. Later, when a PTP_MSG_ANNOUNCE message is processed, the system performs a right bitwise shift by this negative value, exceeding the 64-bit integer width and causing undefined behavior in C. This can result in system crashes due to illegal instruction traps on some architectures or cause erroneous zero timeouts leading to resource starvation or other logical errors.
Potential Impact
The impact includes potential system crashes via illegal instruction traps and logical errors such as resource starvation loops. These effects can disrupt normal operation of devices running the affected Zephyr RTOS versions. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting or validating PTP message inputs if possible to prevent exploitation of this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- zephyr
- Date Reserved
- 2026-03-27T23:46:06.666Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a10096fe1370fbb48c6516f
Added to database: 5/22/2026, 7:44:47 AM
Last enriched: 5/22/2026, 7:59:41 AM
Last updated: 5/23/2026, 8:00:28 PM
Views: 20
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.