CVE-2026-37540

Name of the Vulnerable Software and Affected Versions OpenAMP version 2025.10.0

Description The ELF loader contains an integer overflow during firmware image parsing. In the elf loader.c file, the system multiplies two attacker-controlled 16-bit values from the ELF header without performing overflow checks. On 32-bit embedded systems such as STM32MP1, Zynq, and i.MX, providing large values can cause the resulting product to wrap around to a small value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.