A vulnerability, which was classified as critical , has been found in zephyrproject zephyr up to 4.4.x . This vulnerability affects the function k_mem_domain_deinit of the file arch/xtensa/core/ptables.c of the component Xtensa memory-domain de-initialization Feature . Performing a manipulation results in use after free. This vulnerability was named CVE-2026-10635 . The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.