Apache NuttX RTOS Invalid Pointer Vulnerability in File System Inode Management

Vulnerability

A vulnerability allowing the release of an invalid pointer or reference has been identified in the Apache NuttX RTOS, specifically in the inode management code responsible for removing inodes from the root filesystem. The vulnerability is present in versions from 10.0.0 up to, but not including, 12.10.0. It can lead to the removal of inodes, which triggers a debug assertion (disabled by default), causes a NULL pointer dereference (with effects varying by architecture), or more generally results in a denial-of-service condition. The issue primarily affects users of filesystem-based services with write access that are exposed over the network, such as FTP.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, triggered by a NULL pointer dereference or a debug assertion failure.

Remediation

Users are advised to upgrade to Apache NuttX RTOS version 12.10.0, which addresses this vulnerability.

Added: Jan 1, 2026, 5:17 PM
Updated: Jan 1, 2026, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 1.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.