PatchSiren cyber security CVE debrief
CVE-2026-10665 zephyrproject CVE debrief
The CVE-2026-10665 vulnerability is an out-of-bounds write issue in the Zephyr WireGuard subsystem. The `wg_process_data_message()` function in `wg_crypto.c` linearizes an inbound transport-data payload into a fixed pool buffer without properly checking the length, leading to a potential buffer overflow. This vulnerability can be exploited by a malicious or compromised peer over the network, resulting in remote memory corruption and a reliable denial of service. The defect was present in the WireGuard implementation shipped in Zephyr 4.4.0. The fix adds an explicit `data_len > CONFIG_WIREGUARD_BUF_LEN` rejection and corrects the linearize call to pass `net_buf_max_len(buf)` as the destination capacity.
- Vendor
- zephyrproject
- Product
- zephyr
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-12
- Original CVE updated
- 2026-07-12
- Advisory published
- 2026-07-12
- Advisory updated
- 2026-07-12
Who should care
Organizations using Zephyr 4.4.0 with the WireGuard subsystem enabled should prioritize patching this vulnerability to prevent potential remote memory corruption and denial of service attacks. Affected operator, platform, vulnerability-management, and security-team impact need to be reviewed. Security teams should review compensating controls for exposed systems while remediation is scheduled and verified.
Technical summary
The vulnerability is caused by the `wg_process_data_message()` function passing the attacker-derived `data_len` as both the destination capacity and the copy length to `net_buf_linearize()`. This allows an attacker to write past the end of the pool buffer, resulting in an out-of-bounds write. The fix adds an explicit `data_len > CONFIG_WIREGUARD_BUF_LEN` rejection and corrects the linearize call to pass `net_buf_max_len(buf)` as the destination capacity. The vulnerability can be exploited by a malicious or compromised peer over the network, resulting in remote memory corruption and a reliable denial of service.
Defensive priority
High
Recommended defensive actions
- Apply the official patch from Zephyr to fix the vulnerability
- Review and update Zephyr configurations to ensure CONFIG_WIREGUARD_BUF_LEN is properly set
- Implement network monitoring to detect potential exploitation attempts
- Consider applying compensating controls, such as network segmentation or access restrictions
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was introduced in Zephyr 4.4.0 and can be exploited by a malicious or compromised peer over the network. The fix is available in the latest Zephyr version. Evidence is limited, and defenders should verify affected scope and vendor guidance. Affected product deployments need to be identified and patched. Compensating controls may be necessary for exposed systems.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-12T17:16:24.433Z and has not been modified since then.