CVE-2022-2993Always-Incorrect Control Flow Implementation in Zephyr

CWE-670Always-Incorrect Control Flow Implementation2 documents2 sources
Severity
9.8CRITICALNVD
CNA8.6
EPSS
0.5%
top 36.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedDec 9
Latest updateDec 12

Description

There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyrunspecifiedv3.1

🔴Vulnerability Details

1
CVEList
bt: host: Wrong key validation check2022-12-12
CVE-2022-2993 — Zephyrproject-rtos Zephyr vulnerability | cvebase