{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5072", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "state": "PUBLISHED", "assignerShortName": "zephyr", "dateReserved": "2026-03-27T23:46:06.666Z", "datePublished": "2026-05-22T07:00:36.025Z", "dateUpdated": "2026-05-22T07:00:36.025Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Zephyr", "product": "Zephyr", "repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThanOrEqual": "4.3", "status": "affected", "version": "*", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ptp: Potential Denial of Service via PTP Interval Shift"}], "value": "A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors."}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2026-05-22T07:00:36.025Z"}, "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r"}], "source": {"discovery": "UNKNOWN"}, "title": "ptp: Potential Denial of Service via PTP Interval Shift", "x_generator": {"engine": "swg-tools/create-cve-info"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors."}], "id": "CVE-2026-5072", "lastModified": "2026-05-22T08:16:15.027", "metrics": {}, "published": "2026-05-22T08:16:15.027", "references": [{"source": "vulnerabilities@zephyrproject.org", "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Zephyr", "source": "cna", "vendor": "zephyrproject-rtos"}, "product": "zephyr", "vendor": "zephyrproject-rtos"}], "created": "2026-05-22T08:30:30.863814+00:00", "updated": "2026-05-22T09:30:32.114082+00:00", "vendors": ["zephyrproject-rtos", "zephyrproject-rtos$PRODUCT$zephyr"], "weaknesses": ["CWE-190", "CWE-682"]}