PT-2025-23502 · Nekernal · Nekernal

0Xf00Sec · Published 2025-06-02 · Updated 2025-06-02 · CVE-2025-48990

CVSS v4.0: 8.6 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
NeKernal version 0.0.2

Description
NeKernal is a free and open-source operating system stack. It has a 1-byte heap overflow in the rt copy memory function, which unconditionally writes a null terminator at dst[len]. When len equals the size of the destination buffer, the extra write overruns the buffer by one byte. The issue was fixed in a commit without adding bounds checks or altering the function signature.

Recommendations
For NeKernal version 0.0.2, consider applying the patch from commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee to remove the overflow-causing line in the rt copy memory function. As a temporary workaround, consider restricting the use of the rt copy memory function until the patch is applied.
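The off-by-one described above, modelled as an added example that is not NeKernal's source code: the function names, the memcpy-style parameter order and the 16-byte capacity are assumptions chosen for illustration. It places a guard byte directly after the destination and checks whether a copy of exactly the destination's size changes it, which is also a usable regression check for any copy routine with this shape.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xAA /* constructed sentinel value */

/* Flawed pattern: copy len bytes, then always write a terminator at dst[len]. */
static void copy_with_terminator(void *dst, const void *src, size_t len)
{
    unsigned char *d = dst;
    memcpy(d, src, len);
    d[len] = 0; /* lands one byte past dst when len == sizeof(dst) */
}

/* Fix as the advisory describes it: same signature, terminator write removed. */
static void copy_exact(void *dst, const void *src, size_t len)
{
    memcpy(dst, src, len);
}

/*
 * Fill a cap-byte destination completely and report whether the byte right
 * after it changed. The guard byte is part of the same allocation, so the
 * stray write stays inside memory this program owns.
 * Returns 1 if the guard was overwritten, 0 if intact, -1 on allocation failure.
 */
static int guard_clobbered(void (*copy)(void *, const void *, size_t), size_t cap)
{
    unsigned char *region = malloc(cap + 1); /* cap bytes of dst + 1 guard */
    unsigned char *src = malloc(cap);
    int hit = -1;
    if (region && src) {
        memset(src, 'A', cap);
        region[cap] = GUARD;
        copy(region, src, cap); /* len equals the destination size */
        hit = (region[cap] != GUARD);
    }
    free(region);
    free(src);
    return hit;
}

int main(void)
{
    printf("terminator variant, guard overwritten: %d\n", guard_clobbered(copy_with_terminator, 16));
    printf("exact-length variant, guard overwritten: %d\n", guard_clobbered(copy_exact, 16));
    return 0;
}
```

Because the fixed form no longer terminates the destination, callers that treat the result as a C string have to reserve and set the terminator themselves.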

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-48990
GHSA-JVVH-FP57-2P32

Affected Products

Nekernal