{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5072","assignerOrgId":"e2e69745-5e70-4e92-8431-deb5529a81ad","state":"PUBLISHED","assignerShortName":"zephyr","dateReserved":"2026-03-27T23:46:06.666Z","datePublished":"2026-05-22T07:00:36.025Z","dateUpdated":"2026-05-26T17:46:20.976Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"Zephyr","product":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","vendor":"zephyrproject-rtos","versions":[{"lessThanOrEqual":"4.3","status":"affected","version":"*","versionType":"git"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"ptp: Potential Denial of Service via PTP Interval Shift"}],"value":"A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors."}],"providerMetadata":{"orgId":"e2e69745-5e70-4e92-8431-deb5529a81ad","shortName":"zephyr","dateUpdated":"2026-05-22T07:00:36.025Z"},"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r"}],"source":{"discovery":"UNKNOWN"},"title":"ptp: Potential Denial of Service via PTP Interval Shift","x_generator":{"engine":"swg-tools/create-cve-info"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1335","lang":"en","description":"CWE-1335 Incorrect Bitwise Shift of Integer"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"ADJACENT_NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-05-22T16:27:18.853870Z","id":"CVE-2026-5072","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-26T17:46:20.976Z"}}]}}