CVE-2026-14629 (GCVE-0-2026-14629)
Vulnerability from cvelistv5 – Published: 2026-07-04 13:15 – Updated: 2026-07-04 13:15
VLAI
Title
RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero
Summary
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376145 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376145/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14629 | third-party-advisory |
| https://vuldb.com/submit/845610 | third-party-advisory |
| https://github.com/RT-Thread/rt-thread/issues/11429 | exploitissue-tracking |
| https://github.com/RT-Thread/rt-thread/pull/11453 | issue-trackingpatch |
| https://github.com/RT-Thread/rt-thread/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*"
],
"modules": [
"Parameter Handler"
],
"product": "RT-Thread",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zephyr Saxon (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T13:15:08.868Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376145 | RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376145"
},
{
"name": "VDB-376145 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376145/cti"
},
{
"name": "CVE-2026-14629 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14629"
},
{
"name": "Submit #845610 | RT-Thread v5.2.2 Improper Handling of Parameters",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/845610"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/RT-Thread/rt-thread/issues/11429"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/RT-Thread/rt-thread/pull/11453"
},
{
"tags": [
"product"
],
"url": "https://github.com/RT-Thread/rt-thread/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-03T19:15:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14629",
"datePublished": "2026-07-04T13:15:08.868Z",
"dateReserved": "2026-07-03T17:10:08.620Z",
"dateUpdated": "2026-07-04T13:15:08.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-14629\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-07-04T14:16:29.203\",\"lastModified\":\"2026-07-04T14:16:29.203\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"RT-Thread\",\"cpes\":[\"cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*\"],\"modules\":[\"Parameter Handler\"],\"versions\":[{\"version\":\"5.2.0\",\"status\":\"affected\"},{\"version\":\"5.2.1\",\"status\":\"affected\"},{\"version\":\"5.2.2\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"},{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"references\":[{\"url\":\"https://github.com/RT-Thread/rt-thread/\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/RT-Thread/rt-thread/issues/11429\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/RT-Thread/rt-thread/pull/11453\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/cve/CVE-2026-14629\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/submit/845610\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/376145\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/376145/cti\",\"source\":\"cna@vuldb.com\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…