{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40337", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T22:50:01.358Z", "datePublished": "2026-04-17T23:51:09.866Z", "dateUpdated": "2026-04-20T16:13:48.908Z"}, "containers": {"cna": {"title": "Sentry kernel has incomplete ownership check for IRQ line manipulation", "problemTypes": [{"descriptions": [{"cweId": "CWE-283", "lang": "en", "description": "CWE-283: Unverified Ownership", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg"}, {"name": "https://github.com/camelot-os/sentry-kernel/pull/108", "tags": ["x_refsource_MISC"], "url": "https://github.com/camelot-os/sentry-kernel/pull/108"}, {"name": "https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081", "tags": ["x_refsource_MISC"], "url": "https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081"}], "affected": [{"vendor": "camelot-os", "product": "sentry-kernel", "versions": [{"version": "< 0.4.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:51:09.866Z"}, "descriptions": [{"lang": "en", "value": "The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one."}], "source": {"advisory": "GHSA-5hgv-rg2f-79pg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:13:39.095832Z", "id": "CVE-2026-40337", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:13:48.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40337", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:13:39.095832Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:13:43.170Z"}}], "cna": {"title": "Sentry kernel has incomplete ownership check for IRQ line manipulation", "source": {"advisory": "GHSA-5hgv-rg2f-79pg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "camelot-os", "product": "sentry-kernel", "versions": [{"status": "affected", "version": "< 0.4.7"}]}], "references": [{"url": "https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg", "name": "https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/camelot-os/sentry-kernel/pull/108", "name": "https://github.com/camelot-os/sentry-kernel/pull/108", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081", "name": "https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-283", "description": "CWE-283: Unverified Ownership"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:51:09.866Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40337", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:13:48.908Z", "dateReserved": "2026-04-10T22:50:01.358Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T23:51:09.866Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and covert-channels between this task and the outer world. A patch is available in version 0.4.7. As a workaround, reduce tasks that have the DEV and IO capability to a single one."}], "id": "CVE-2026-40337", "lastModified": "2026-04-29T21:08:02.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-18T00:16:37.667", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081"}, {"source": "security-advisories@github.com", "url": "https://github.com/camelot-os/sentry-kernel/pull/108"}, {"source": "security-advisories@github.com", "url": "https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-283"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.4.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "sentry-kernel", "source": "cna", "vendor": "camelot-os"}, "product": "sentry-kernel", "vendor": "camelot-os"}], "analysis": {"en": {"generated_at": "2026-04-18T17:03:32.021674+00:00", "value": {"mitigation_remediation": ["Upgrade to Sentry Kernel 0.4.7 or later, which contains the patch correcting the ownership check.", "As an interim fix, ensure that only one task has DEV and IO capability, preventing cross\u2011task IRQ manipulation.", "Re\u2011evaluate task capability assignments to reduce the number of privileged tasks and enforce stricter isolation."], "summary": {"action": "Apply Patch", "impact": "Denial of Service and Covert Channel"}, "threat_synthesis": {"affected_systems": "Camelot\u2011OS Sentry Kernel versions earlier than 0.4.7 are vulnerable. Any embedded system running one of these kernel releases is affected.", "description_and_impact": "The Sentry kernel implements a sys_int_* syscall family that allows tasks to manipulate IRQ lines. An incomplete ownership check permits a task that holds DEV or IO capability to alter the IRQ configuration of another task, leading to a denial\u2011of\u2011service by disrupting interrupt handling or forging a covert channel between the two tasks and the external environment. This flaw is an improper access control error categorized as CWE\u2011283.", "risk_and_exploitability": "The CVSS score of 5.1 denotes moderate severity; the EPSS score is not available and the issue is not listed in CISA to- be exploited vulnerabilities. Based on the description, it is inferred that an attacker must be able to execute a task with DEV or IO capability, which suggests a local or compromised\u2011process attack vector. Consequently, the risk is limited to environments where such privileges can be obtained, and no remote exploitation mechanism is explicitly disclosed."}}}}, "created": "2026-04-18T17:15:05.774636+00:00", "updated": "2026-04-20T14:59:04.798377+00:00", "vendors": ["camelot-os", "camelot-os$PRODUCT$sentry-kernel"]}