
CVE-2026-37540 - Vulnerability Analysis

High | CVSS: 8.4

Last Updated: May 1, 2026

OpenAMP - Integer Overflow

Published: May 1, 2026 | Updated: May 1, 2026

Overview

OpenAMP v2025.10.0 contains an integer overflow caused by an unchecked multiplication of two attacker-controlled 16-bit values during ELF header parsing. The overflow can be triggered on 32-bit embedded systems. Exploitation requires a crafted ELF firmware image.

Severity & Score

Severity: High
CVSS Score: 8.4

Impact

Attackers can cause an integer overflow, leading to potential memory corruption or unexpected behavior on embedded systems.

Mitigation

Update to the latest version with overflow checks in the ELF loader.
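
The kind of overflow check this mitigation refers to, as an added example that is not OpenAMP's code or its actual fix. It assumes the two 16-bit values are a header table's entry count and entry size (the page does not name the fields); `elf_table_bounds` and its parameters are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not OpenAMP code. Assumption: the two 16-bit header
 * values are a table's entry count and entry size. Returns true and stores
 * the table size only if the whole table lies inside the image. */
bool elf_table_bounds(uint16_t count, uint16_t entsize, uint16_t min_entsize,
                      uint32_t table_off, uint32_t image_len,
                      uint32_t *table_bytes)
{
    /* Entries smaller than the struct the loader reads would be over-read. */
    if (entsize < min_entsize)
        return false;

    /* Widen first: uint16_t operands promote to int, so a product above
     * INT_MAX is signed overflow (undefined) where int is 32 bits wide. */
    uint64_t bytes = (uint64_t)count * entsize;

    /* Compare by subtraction so table_off + bytes is never computed and
     * cannot wrap in 32-bit arithmetic. */
    if (table_off > image_len || bytes > (uint64_t)(image_len - table_off))
        return false;

    *table_bytes = (uint32_t)bytes;
    return true;
}

int main(void)
{
    uint32_t n = 0;
    /* Constructed sample values: 4 KiB image, table at offset 52. */
    bool ok = elf_table_bounds(4, 32, 32, 52, 4096, &n);
    printf("4 x 32 at 52: %s (%u bytes)\n", ok ? "accept" : "reject", (unsigned)n);
    ok = elf_table_bounds(0xFFFF, 0xFFFF, 32, 52, 4096, &n);
    printf("0xFFFF x 0xFFFF at 52: %s\n", ok ? "accept" : "reject");
    return 0;
}
```

A loader would run a check like this before allocating or copying the table, and refuse the firmware image when it returns false.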

Details

CVE ID: CVE-2026-37540
Severity: High
CVSS Score: 8.4
Type: integer_overflow
Status: new

CWE

  • CWE-190

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H