CVE-2026-10640
Summary: Zephyr’s IPv6 Neighbor Discovery send paths (ipv6_nbr.c) perform a use-after-free by reading iface from a freed net_pkt slab block when updating per-interface ICMP statistics, after the packet has been sent. This can corrupt iface-stats.icmp.sent or cause a crash/DoS if the slab memory i...