CVE-2026-10655 | zephyrproject zephyr up to 4.4.x Network Socket Service sntp.c recv_q use after free (GHSA-34wr-cg29-c4mw)
A vulnerability labeled as critical has been found in zephyrproject zephyr up to 4.4.x. This affects an unknown function in the library subsys/net/lib/config/init_clock_sntp.c of the file subsys/net/lib/sntp/sntp.c of the component Network Socket Service. Such manipulation of the argument recv_q leads to use after free.
This vulnerability is listed as CVE-2026-10655. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.VulDB Recent EntriesRead More