CVE-2026-37540:
An integer overflow vulnerability in OpenAMP v2025.10.0's ELF loader allows an attacker to supply a malicious firmware image that causes a wrapped-around memory calculation, potentially leading to full system compromise on 32-bit embedded platforms.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.4 High
- Published Date: May 1, 2026
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.0
- EPSS Percentile: 2%
Exploitability
- Score: 2.5
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
CVE-2026-37540 is a HIGH severity (CVSS 8.4) integer overflow vulnerability affecting OpenAMP v2025.10.0, an open-source framework widely used to implement asymmetric multiprocessing on embedded systems. The flaw resides in the ELF firmware image parser within `elf_loader.c`, where the product of two 16-bit values sourced directly from the ELF header is computed without validation. On 32-bit embedded targets including STM32MP1, Zynq, and i.MX SoCs, this unchecked multiplication can wrap around to a deceptively small value, causing subsequent memory operations to act on undersized buffers. A local attacker with no privileges or user interaction required can supply a crafted firmware image to exploit this flaw, resulting in complete loss of confidentiality, integrity, and availability on the affected device.
Remediation
At the time of publication there is no official patch confirmed from the OpenAMP project. Recommended mitigations include the following actions:
- Audit and update `elf_loader.c` to validate all ELF header fields before performing arithmetic operations, replacing unchecked multiplications with safe integer arithmetic routines or explicit overflow guards (e.g., using `__builtin_mul_overflow` or equivalent).
- Restrict the sources from which firmware images are loaded to trusted, cryptographically signed images, preventing attacker-controlled ELF headers from reaching the vulnerable parser.
- Monitor the official OpenAMP repository at https://github.com/OpenAMP/open-amp for patches or updated releases and apply them promptly.
- Implement firmware integrity verification at the bootloader level on affected platforms (STM32MP1, Zynq, i.MX) to reduce exposure until an upstream fix is available.
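The overflow guard recommended above, sketched as an added example; it is not OpenAMP's code and not an upstream fix. The advisory does not name the two 16-bit header fields, so applying the check to the program-header and section-header table fields of the standard ELF32 header is an assumption, as are the struct and function names. The helper takes 32-bit inputs, which goes beyond the 16-bit case so the same check also covers wider counts.

```c
#include <stdbool.h>
#include <stdint.h>

/* Standard ELF32 file header layout; the struct name is illustrative. */
struct elf32_ehdr {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

#define ELF32_PHDR_SIZE 32u /* sizeof(Elf32_Phdr) */
#define ELF32_SHDR_SIZE 40u /* sizeof(Elf32_Shdr) */

/* Hypothetical helper: true only if a table of `num` entries of `entsize`
 * bytes at file offset `off` lies wholly inside `image_len` bytes. */
static bool table_fits(uint32_t off, uint32_t entsize, uint32_t num,
                       uint32_t expected_entsize, uint32_t image_len,
                       uint32_t *table_size)
{
    uint32_t size, end;

    if (num == 0) {                 /* empty table: nothing to read */
        *table_size = 0;
        return true;
    }
    if (entsize != expected_entsize)                 /* untrusted entry size */
        return false;
    if (__builtin_mul_overflow(entsize, num, &size)) /* entsize * num wraps */
        return false;
    if (__builtin_add_overflow(off, size, &end))     /* off + size wraps */
        return false;
    if (end > image_len)                             /* runs past the image */
        return false;
    *table_size = size;
    return true;
}

/* Validate both header tables before any allocation or copy uses the sizes. */
bool elf32_tables_valid(const struct elf32_ehdr *eh, uint32_t image_len,
                        uint32_t *ph_size, uint32_t *sh_size)
{
    return table_fits(eh->e_phoff, eh->e_phentsize, eh->e_phnum,
                      ELF32_PHDR_SIZE, image_len, ph_size) &&
           table_fits(eh->e_shoff, eh->e_shentsize, eh->e_shnum,
                      ELF32_SHDR_SIZE, image_len, sh_size);
}
```

`__builtin_mul_overflow` and `__builtin_add_overflow` are GCC and Clang builtins; other toolchains need an equivalent checked-arithmetic routine.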
References
- [CVE-2026-37540 - NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2026-37540)
- [OpenAMP GitHub Repository](https://github.com/OpenAMP/open-amp)
- [Vulnerable Source File: elf_loader.c](https://github.com/OpenAMP/open-amp/blob/main/lib/remoteproc/elf_loader.c)
- [Proof-of-Concept / Researcher Gist (sgInnora)](https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381)
- [CWE-190: Integer Overflow or Wraparound](https://cwe.mitre.org/data/definitions/190.html)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.