Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Lifecycle Timeline
3DescriptionGitHub Advisory
NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rt_copy_memory, which unconditionally wrote a null terminator at dst[len]. When len equals the size of the destination buffer (256 bytes), that extra '\0' write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.
AnalysisAI
1-byte heap buffer overflow in NeKernal OS version 0.0.2's rt_copy_memory function, where a null terminator is unconditionally written beyond the destination buffer boundary when the copy length equals the buffer size (256 bytes). This vulnerability affects local attackers with no privilege requirements and can result in high-impact compromise of confidentiality, integrity, and availability. The patch (commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee) removes the overflow-causing null terminator write; no active exploitation or public POC is currently documented, but the CVSS 8.6 score reflects significant severity.
Technical ContextAI
NeKernal is a free and open-source operating system stack; the vulnerable component is the memory copy routine rt_copy_memory in version 0.0.2. The vulnerability is classified as CWE-122 (Heap-based Buffer Overflow), a memory safety flaw where writes exceed allocated heap boundaries. The root cause is a classic off-by-one error: the function writes dst[len] with a null terminator without verifying that len < buffer_size. When len equals the destination buffer size (256 bytes), the write at index len (byte 256) exceeds the 256-byte allocation (indices 0-255), corrupting the next heap object. This is particularly dangerous in OS kernel context where heap corruption can lead to privilege escalation or code execution. The patch takes a minimal approach by removing the null-terminator line (avoiding API changes) rather than adding explicit bounds checks.
RemediationAI
- Upgrade NeKernal: Update from version 0.0.2 to version 0.0.3 or later, which includes the fix commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee that removes the unconditional null-terminator write. 2. Verify Patch: Confirm the patch by checking that the null-terminator line in
rt_copy_memoryhas been removed and no regression has occurred in callers. 3. Workaround: If immediate upgrade is infeasible, implement application-level validation to ensure copy operations never passlenequal to the destination buffer size; however, this is a kernel-level fix and workarounds are limited for OS stack vulnerabilities. 4. Code Review: Audit other memory copy functions in NeKernal for similar off-by-one errors (CWE-122 family patterns). Official patch link: https://github.com/NeKernal/NeKernal/commit/fb7b7f658327f659c6a6da1af151cb389c2ca4ee (inferred repository structure for open-source project).
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16632