CVE Catalog

CVE-2026-14629

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability in RT-Thread up to version 5.2.2 affects the read/write/sys_ioctl function in components/lwp/lwp_syscall.c. Parameter manipulation can cause a divide-by-zero error, exploitable remotely. An exploit has been published and a fix is pending.

Risk Assessment

An attacker can remotely trigger a divide-by-zero fault, leading to system crash and denial of service (DoS), potentially compromising IoT devices running RT-Thread.

Recommendation

Apply the pending fix from the pull request immediately or upgrade RT-Thread to a patched version once released. Restrict access to affected functions until then.

Original NVD description (English source)

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS