CVE-2026-14629
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability in RT-Thread up to version 5.2.2 affects the read/write/sys_ioctl function in components/lwp/lwp_syscall.c. Parameter manipulation can cause a divide-by-zero error, exploitable remotely. An exploit has been published and a fix is pending.
Risk Assessment
An attacker can remotely trigger a divide-by-zero fault, leading to system crash and denial of service (DoS), potentially compromising IoT devices running RT-Thread.
Recommendation
Apply the pending fix from the pull request immediately or upgrade RT-Thread to a patched version once released. Restrict access to affected functions until then.
Original NVD description (English source)
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

