CVE-2026-40337

MEDIUM

Sentry kernel has incomplete ownership check for IRQ line manipulation

Title source: cna

Description

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one.

References (3)

Scores

CVSS v3 5.1
EPSS 0.0001
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Details

CWE
CWE-283
Status published
Products (1)
camelot-os/sentry-kernel < 0.4.7
Published Apr 18, 2026
Tracked Since Apr 18, 2026