CVE-2026-10653
The Zephyr netbuf library lib/netbuf/buf.c manipulated both of its reference counts -- the per-header buf-ref and the per-data-block refcount at the start of each variable/heap data allocation -- with plain non-atomic C operators buf-ref++, if --buf-ref 0, if --refcount. The API is documented as...