CVE-2023-1902 — Use After Free in Zephyr

CWE-416 — Use After Free CWE-672 — Operation on a Resource after Expiration or Release2 documents2 sources

Severity

8.0HIGHNVD

CNA5.9

EPSS

0.2%

top 55.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedJul 10

Description

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶NVDzephyrproject/zephyr3.3.0

▶CVEListV5zephyrproject-rtos/zephyr* — 3.3

🔴Vulnerability Details

CVEList

HCI Connection Creation Dangling State Reference Re-use↗2023-07-10

▶