CVE-2026-4179

🔶 medium

🔍 Scan for this CVE

Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.

CVSS Score

6.1

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-03-16

First Seen: 2026-03-17

This CVE is Lower Risk - more severe than 38.8% of all 330,193 vulnerabilities in our database.

#202,011

Below average severity

Severity Percentile

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-04-02

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE IDs (Weakness Types)

CWE-835

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
zephyrproject	zephyr	Affected	< 4.3.0

Exploit Patch Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-10641	⚠️ high	7.1	0.2	Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) cont...	2026-06-17
CVE-2026-10635	🔶 medium	6.3	0.1	On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintain...	2026-06-16
CVE-2026-10640	🔶 medium	4.2	0.1	Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_...	2026-06-16
CVE-2026-1679	⚠️ high	7.3	0.1	The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; ove...	2026-03-28
CVE-2026-0849	ℹ️ low	3.8	0.0	Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver...	2026-03-16
CVE-2026-1678	⛔ critical	9.4	0.1	dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cac...	2026-03-05

These CVEs affect the same products