UNKNOWNCVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a race condition
Platform
linux
Component
zephyr
A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash.
How to fix
Actualice a una versión de Zephyr posterior a la 4.3. Esta actualización corrige una condición de carrera en el proceso de finalización de la conexión TCP que podría provocar un fallo del sistema debido a un acceso a memoria nula.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free