CVE-2026-5072— ptp: Potential Denial of Service via PTP Interval Shift
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| zephyrproject-rtos | Zephyr | *≤ 4.3 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5072
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ptp: Potential Denial of Service via PTP Interval Shift
Source: NVD (National Vulnerability Database)
Vulnerability Description
A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zephyr 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zephyr是Zephyr开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr存在安全漏洞,该漏洞源于位偏移问题,可能导致远程攻击者通过发送特制的PTP_MSG_MANAGEMENT消息设置未验证的负log_announce_interval值,在后续处理PTP_MSG_ANNOUNCE消息时触发未定义行为,导致系统崩溃或资源耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr | * ~ 4.3 | - |
II. Public POCs for CVE-2026-5072
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5072
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-5072 (1)
IV. Related Vulnerabilities
Same product: Zephyr
- CVE-2026-10641
Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicat - CVE-2026-10640
Use-after-free reading `net_pkt` `iface` after send in IPv6 - CVE-2026-10639
Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 ec - CVE-2026-10638
Use-after-free in Zephyr ICMPv6 RX path when updating statis - CVE-2026-10637
Use-after-free of net_pkt in IPv6 MLD send path triggerable
Same vendor: zephyrproject-rtos
- CVE-2026-5068
bt: l2cap le coc: remote oob write via seg counter stored in - CVE-2026-5067
Out-of-bounds read/write in HTTP WebSocket upgrade via non-n - CVE-2026-5066
net: sockets: tls: Potential out-of-bounds write/read in soc - CVE-2026-5589
Out-of-bounds write caused by an integer underflow in the Bl - CVE-2026-5071
can: Local Denial of Service via SocketCAN Send
V. Comments for CVE-2026-5072
No comments yet