CVE-2026-13351
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
The IPv6 stack in Zephyr can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer (allocated from a memory slab) is not released back to the pool. Repeating the malicious packet exhausts all RX buffer slots, after which the device can no longer obtain RX buffers and stops receiving traffic, resulting in a denial of service.
Risk Assessment
The risk is a remote DoS attack on Zephyr-based devices, potentially disrupting normal operation and network communication, which could impact critical processes in IoT or industrial environments.
Recommendation
It is recommended to immediately update Zephyr to a version containing a fix for the RX buffer leak in the IPv6 fragment processing path. If an update is not possible, consider temporarily disabling IPv6 fragmentation support or applying network filters to block suspicious packets.
Original NVD description (English source)
Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer (allocated from a memory slab) is not released back to the pool. Repeating the malicious packet exhausts all RX buffer slots, after which the device can no longer obtain RX buffers and stops receiving traffic, resulting in a denial of service.

