Review
zephyrproject-rtos
CVE published 2026-05-22
CVE-2026-5072
CVE-2026-5072 is a remotely reachable denial-of-service issue in Zephyr's PTP subsystem. A crafted PTP_MSG_MANAGEMENT message can set an unvalidated negative log_announce_interval value, and later processing of a PTP_MSG_ANNOUNCE message can drive an invalid right-shift in timeout calculation. Because the shift amount can exceed the width of the integer type, the behavior is undefined in C and may crash t [truncated]