Zephyrproject-Rtos Zephyr vulnerabilities
118 known vulnerabilities affecting zephyrproject-rtos/zephyr.
Total CVEs: 118
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 57, MEDIUM 39, LOW 3
Vulnerabilities
Page 2 of 6
CVE-2024-8798 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.7 | 2024-12-16
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
cvelistv5, nvd
CVE-2024-11263 | HIGH | CVSS 8.4 | CWE-270 | ≥ *, ≤ 3.7 | 2024-11-15
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
cvelistv5, nvd
CVE-2024-6442 | MEDIUM | CVSS 6.5 | CWE-787 | ≥ *, ≤ 3.6 | 2024-10-04
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
cvelistv5, nvd
CVE-2024-6444 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-10-04
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
cvelistv5, nvd
CVE-2024-6443 | MEDIUM | CVSS 6.5 | CWE-125 | ≥ *, ≤ 3.6 | 2024-10-04
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
cvelistv5, nvd
CVE-2024-5754 | HIGH | CVSS 8.2 | CWE-807 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Encryption procedure host vulnerability
cvelistv5
CVE-2024-6135 | HIGH | CVSS 7.6 | CWE-122 | ≥ *, ≤ 3.6 | 2024-09-13
BT:Classic: Multiple missing buf length checks
cvelistv5
CVE-2024-6137 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Classic: SDP OOB access in get_att_search_list
cvelistv5, nvd
CVE-2024-5931 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Unchecked user input in bap_broadcast_assistant
cvelistv5, nvd
CVE-2024-6259 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-09-13
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
cvelistv5, nvd
CVE-2024-6258 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Missing length checks of net_buf in rfcomm_handle_data
cvelistv5, nvd
CVE-2024-4785 | MEDIUM | CVSS 6.5 | CWE-369 | ≥ *, ≤ 3.6 | 2024-08-19
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
cvelistv5, nvd
CVE-2024-3332 | MEDIUM | CVSS 6.5 | CWE-476 | ≥ *, ≤ 3.6 | 2024-07-03
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
cvelistv5, nvd
CVE-2024-3077 | MEDIUM | CVSS 6.5 | CWE-126 | ≥ *, ≤ 3.6 | 2024-03-29
A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet.
cvelistv5, nvd
CVE-2023-7060 | HIGH | CVSS 7.5 | CWE-20 | ≥ *, ≤ 3.5 | 2024-03-15
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
cvelistv5, nvd
CVE-2023-6881 | HIGH | CVSS 7.3 | CWE-120 | ≥ *, ≤ 3.5 | 2024-02-20
fs: fuse: buffer overflow vulnerability in the Zephyr FS
Possible buffer overflow in is_mount_point
cvelistv5
CVE-2024-1638 | CRITICAL | CVSS 9.1 | CWE-20 | ≥ *, ≤ 3.5 | 2024-02-19
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_
cvelistv5, nvd
CVE-2023-6749 | CRITICAL | CVSS 9.8 | CWE-121 | ≥ *, ≤ 3.5 | 2024-02-18
Unchecked length coming from user input in settings shell
cvelistv5, nvd
CVE-2023-6249 | HIGH | CVSS 8.0 | CWE-704 | ≥ *, ≤ 3.5 | 2024-02-18
ipm: signed to unsigned conversion problem in esp32_ipm_send
Signed to unsigned conversion esp32_ipm_send
cvelistv5
CVE-2023-5779 | MEDIUM | CVSS 4.4 | CWE-787 | ≥ *, ≤ 3.5 | 2024-02-18
can: out of bounds in remove_rx_filter function
cvelistv5