CVE-2026-5072 - Vulnerability Details

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

zephyrproject-rtos

Zephyr

unaffected

Version	Status	Constraints
`*`	affected	≤ 4.3

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Zephyrproject-rtos Subscribe	Zephyr Subscribe

Project Subscriptions

Vendors	Products
Zephyrproject-rtos Subscribe	Zephyr Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r

History

Fri, 22 May 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zephyrproject-rtos Zephyrproject-rtos zephyr
Vendors & Products		Zephyrproject-rtos Zephyrproject-rtos zephyr

Fri, 22 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description		A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors.
Title		ptp: Potential Denial of Service via PTP Interval Shift
References		https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2026-05-22T07:00:36.025Z

Updated: 2026-05-22T07:00:36.025Z

Reserved: 2026-03-27T23:46:06.666Z

Link: CVE-2026-5072

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T08:30:30Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object