CNNVD-202602-601 Information

CNNVD ID

CNNVD-202602-601

CVE-2026-25507

  • CNNVD Published: 2026-02-04

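Description (translated from Chinese)

ESP-IDF is Espressif's open-source development framework for Espressif SoCs, supported on Windows, Linux and macOS. ESP-IDF versions 5.5.2, 5.4.3, 5.3.4, 5.2.6 and 5.1.6 contain a resource management error vulnerability. It stems from a use-after-free in the BLE configuration transport layer and may lead to invalid memory access.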

Description (English)

ESP-IDF is the development framework for Espressif SoCs, supported on Windows, Linux and macOS. ESP-IDF versions 5.5.2, 5.4.3, 5.3.4, 5.2.6 and 5.1.6 have a resource management error vulnerability, which stems from a use-after-free in the BLE configuration transport layer and may lead to invalid memory access.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

Espressif

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9
  • https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663
  • https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7
  • https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63
  • https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d70
  • https://github.com/espressif/esp-idf/security/advisories/GHSA-h7r3-gmg9-xjmg
  • https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6
  • https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf
  • https://access.redhat.com/security/cve/cve-2026-25507

Patch

https://github.com/espressif/esp-idf/releases
