Skip to content

Zephyr v4.3.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 23 Jun 12:27
v4.3.1
This tag was signed with the committer’s verified signature.
jhedberg Johan Hedberg
SSH Key Fingerprint: VWDBYkcaLo9CEGXRs90vMOsXYjvQnaRtNNAxRvePO2w
Verified
Learn about vigilant mode.
75f67d7

This is a maintenance release with fixes.

Issues Fixed

These GitHub issues were addressed since the previous 4.3.0 tagged release:

  • #55186 - posix: fnmatch: fix known bugs
  • #61464 - USB device stack (new and old) assertion on STM32
  • #95359 - spi_loopback fails on frdm_rw612 with DMA and/or cs_loopback
  • #96699 - drivers: spi: nrf_spim: Unused function warning when CONFIG_DEVICE_DEINIT_SUPPORT is disabled
  • #96762 - drivers: serial: uart_nrfx_uarte: Unused function warning when CONFIG_DEVICE_DEINIT_SUPPORT is disabled
  • #98491 - riscv: userspace: undefined symbol: z_stack_space_get
  • #98501 - pm: device_runtime: Issues with set/clear PD_CLAIMED flag in ISR_SAFE context
  • #98523 - ring_buffer: ring_buf_init may trigger assertion depending on Kconfig
  • #98588 - drivers: i2c: dw_i2c: i2c read time out on certain type of DW_I2C
  • #98768 - STM32F303 bxCAN: Last 2 bytes corrupted on TX pin, but registers are correct
  • #98782 - esp32c6: esp32h2: OpenThread issue
  • #98797 - boards: nxp: mimxrt1180_evk: J-Link script file not used when debugging
  • #99099 - STM32 QSPI sample shifting prevents communication with GD25Q128E flash chip
  • #99453 - sensor: current-amp: zero-current-offset no longer works
  • #99490 - MAX32650 SoC system clock configuration problem
  • #99491 - hwinfo: hwinfo test fails for MAX32657EVKIT board
  • #99535 - Issue with STM32 Ethernet and KSZ8081 Phy
  • #99563 - RP2350 Hazard3 doesn't default to XIP
  • #99588 - Bluetooth: Controller: nRF54Lx Radio Tx Power incorrect
  • #99644 - Siwx91x Compilation error with PM
  • #99659 - OpenThread Border Router issues in 4.3.0 release
  • #99682 - net: lib: dns: Unpacking query name can overflow the destination buffer
  • #99762 - mcumgr: Image management incorrectly identifies active slot when slots are on different flash devices
  • #99792 - HTTP Server Shows Error Log Message when iface goes down
  • #99795 - Telnet Shell Server Shows Error Log Message when iface goes down
  • #99797 - MCUmgr: OS: DateTime: Millisecond parsing erroneous
  • #99822 - stm32 EXTI driver: add support for STM32N6
  • #99895 - npcx9m6f_evb and frdm_k64f: kernel.common.stack_protection_arm_fpu_sharing fails
  • #99901 - drivers: entropy: gecko_trng: Error when getting entropy too soon after init
  • #99904 - soc: silabs: siwx91x: irq prio misalignment with hal
  • #99948 - drivers: ice40_fpga: k_usleep while holding a spinlock
  • #100040 - timer: cortex_m_systick: Compilation error if CONFIG_TIMER_READS_ITS_FREQUENCY_AT_RUNTIME is defined
  • #100211 - soc: silabs: siwx91x: ADC driver returns constant 0 mV
  • #100212 - No event code filterint for LVGL pointer process
  • #100225 - bluetooth: bt_conn reference leak in Frame Space Update in Zephyr 4.3.0
  • #100296 - west packages pip --install fails with permission error
  • #100715 - mgmt: mcumgr: firmware loader allows for self erasure
  • #100754 - bt test commands not working/crashing for nRF54LM20A DK board
  • #100903 - drivers: flash: stm32 ospi: detected erase type is always resetted
  • #101048 - drivers: xen: Uninitialized variable warning
  • #101151 - drivers: serial: NXP uart_mcux_flexcomm: instance interrupt config not saved during PM_DEVICE_ACTION_TURN_OFF
  • #101236 - NXP: Failed to disable random-mac-address in ethernet driver.
  • #101401 - logging: thread starvation for lower-priority producers
  • #101414 - ZVFS_OPEN_SIZE define applied irrespective of configuration
  • #101416 - It seems TCP accept had some issue during link changes
  • #102129 - Flash incorrectly tested on MAX32657 NS due to storage_partition
  • #102635 - gpio: mcux: Potential infinite interrupt hang when configuring
  • #102995 - OpenThread: build fails with CONFIG_OPENTHREAD_MTD enabled
  • #103029 - NVS startup fails after power loss during final ATE write
  • #103140 - TCAN4x5x initialization stalls with latest driver changes
  • #103239 - Race condition on usart/eusart silabs driver
  • #103242 - Watchdog timer on Siwx91x devices is not on pause during deep sleep
  • #103329 - Shared Flash access might be corrupted on SiWx91x SoC
  • #103339 - PM on SiWG91x SoC is broken
  • #103365 - MAX32655 UART fails to send some bytes on Zephyr 4.3
  • #103962 - RTIO: SQE flags not zeroed by some functions
  • #104208 - IPv4/6 fragmentation memory leak
  • #104248 - DNS query packet length check
  • #104253 - driver: clock_control: RCC_BDCR_LSEDRV_Pos undefined using STM32L0
  • #104652 - net: socketcan: length not always verified
  • #104748 - mcumgr: error codes of group "stat" incorrect
  • #104948 - net: lib: socket: tls: Potential out-of-bounds write in socket_op_vtable.connect
  • #105038 - net: lib: sockets: tls: Improve socket address storage
  • #105106 - arc: mpu: MPUv6 buffer validation race condition causes spurious access denials
  • #105216 - drivers: timer: stm32_lptim: fix incorrect configuration and harden against wrong usage
  • #105374 - drivers: gpio: sam: callback called when interrupt disabled
  • #105644 - SNTP uncertainty option invalids sntp_query
  • #105754 - net: sockets: msg->msg_iovlen is not validated in zsock_recvmsg sys call
  • #106109 - wifi: wifi_credentials: Static credentials are not validated
  • #106291 - Build fails when CONFIG_OPENTHREAD_CONFIG_DIAG_ENABLE is enabled.
  • #106334 - Thread-safety race condition in net_buf_unref
  • #106776 - net: tcp: Non-blocking connect failure leaks SYN retransmissions
  • #106894 - update Mbed TLS to 3.6.6
  • #106991 - net: tcp: use-after-free in net_tcp_foreach causes bus fault
  • #107081 - McuMgr fs_mgmt_file_upload handler does not check partial writes to filesystem
  • #107096 - cc3220sf_launchxl/cc3220sf missing ZVFS selection in sample
  • #107900 - net: ipv6: Neighbor Discovery packets validation is incorrect
  • #107920 - net: icmp: assert triggered sending icmp echo response with CONFIG_NET_STATISTICS
  • #107928 - net: lib: http_server: fix in websocket
  • #108004 - drivers: entropy: stm32: bad locking sequence
  • #108149 - Renaming configuration file in WiFi Shell sample causes errors when building the associated board documentation
  • #108559 - IP address parsing issue
  • #108637 - tests/drivers/bbram/generic/ fails at random due to drivers/bbram/bbram_microchip_mcp7940n_emul.c
  • #108835 - adin2111: Communication gets stuck after high bandwidth transfer
  • #108846 - Validate DNS rdata length in dns_unpack_answer
  • #108848 - wifi: nrf70: Missing bounds check on TWT event buffer
  • #108963 - net: lwm2m: URI string may be unterminated in FW pull mode
  • #109053 - native_sim: FUSE files are opened write-only
  • #109063 - The issue in Bluetooth Mesh solicitation PDU parsing
  • #109128 - fs: backend file resource leak when fs_open with FS_O_TRUNC fails during truncate
  • #109133 - Undefined bitwise shift behavior in PTP port management interval handling
  • #109257 - xtensa: mpu: fix arch_buffer_validate on overflow
  • #109549 - Security advisory GHSA-4vqm-pw24-g9jp / CVE 2026-5590 fix not available for Zephyr 4.3
  • #109620 - Bluetooth: Controller: Fix OOB read in ISOAL
  • #109857 - posix: mqueue: fix integer overflow in mq_open buffer allocation
  • #110032 - fs: ext2: validate directory entry structure before traversal
  • #110077 - k_pipe_read in ISR causing fault
  • #110303 - Bluetooth: Mesh: PrivateBeaconKey PSA key leak after subnet deletion
  • #110393 - bluetooth: l2cap: validate alloc_buf user data
  • #110645 - net: sockets: zsock_recvmsg ancillary-data capacity check undercounts cmsg size
  • #110651 - usb: device_next: cdc_ncm: TX thread deadlocks when usbd_ep_enqueue fails
  • #110762 - bluetooth: classic: hfp_hf: cind_handle_values writes past ind_table on a long +CIND list
  • #110766 - drivers: serial: pl011: TX enable spins forever when CTS flow control blocks transmission
  • #110771 - net: sockets: zsock_getaddrinfo retry after a DNS timeout leaves the previous query in flight and touches stale stack state
  • #110775 - Bluetooth: BAP: unicast client dereferences NULL stream->qos when a QoS Configured notification arrives before the stream is added to a group
  • #110857 - net: sntp: close-while-polling use-after-free in sntp_close_async
  • #110866 - net: dns: .local suffix check reads past the end of the hostname string
  • #110915 - pb-adv bearer resets the protocol timer unconditionally
  • #110956 - Bluetooth: ISO: bt_iso_recv pulls the SDU header without checking buf->len
  • #110967 - Bluetooth: BAP: Broadcast Assistant shares one att_buf across all connections
  • #111016 - kernel: userspace: dynamic kernel-object list freed under a different lock than it is traversed
  • #111031 - tests/drivers/can/api/drivers.can.api fails on mutex
  • #111087 - kernel: userspace: k_thread_name_copy syscall dereferences NULL for an unregistered thread pointer
  • #111100 - kernel: pipe: a user thread can re-initialize a pipe that is already in use
  • #111110 - kernel: poll: z_vrfy_k_poll leaks events_copy when a k_poll_event carries an invalid object handle
  • #111116 - pmci: mctp: I2C+GPIO target writes received bytes through an unchecked/unallocated packet buffer
  • #111119 - drivers: spi: dw: spi_dw_configure uses config->frequency as a divisor without validating it
  • #111345 - net: http_server: static filesystem handler serves files outside the web root for paths containing ".."
  • #111416 - logging: z_vrfy_log_filter_set accepts a negative src_id and indexes outside log_dynamic
  • #111431 - net: ip: forwarded packets keep their original TTL / hop-limit (no decrement on the routing path)
  • #111534 - Bluetooth: GATT: notify/indicate checks the declaration permissions, not the value permissions, when passed a characteristic declaration
  • #111564 - bluetooth: host: classic: l2cap_br: fix conf req/rsp length validation
  • #111420 - debug: coredump/shell: check tgt code before using string array

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

More detailed information can be found here:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html

Assets 3
Loading