Zephyrproject-Rtos Zephyr vulnerabilities
128 known vulnerabilities affecting zephyrproject-rtos/zephyr.
Total CVEs: 128
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 20, HIGH 61, MEDIUM 44, LOW 3
Vulnerabilities
Page 6 of 7
CVE-2024-3332 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | ≥ *, ≤ 3.6 | 2024-07-03
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
nvd
CVE-2024-6258 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Missing length checks of net_buf in rfcomm_handle_data
nvd
CVE-2024-8798 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.7 | 2024-12-16
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
nvd
CVE-2024-6444 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-10-04
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
nvd
CVE-2024-6442 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | ≥ *, ≤ 3.6 | 2024-10-04
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
nvd
CVE-2026-4179 | P4 | MEDIUM | CVSS 6.1 | CWE-835 | ≥ *, ≤ 4.3 | 2026-03-16
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
nvd
CVE-2024-6259 | P4 | MEDIUM | CVSS 6.5 | CWE-122 | ≥ *, ≤ 3.6 | 2024-09-13
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
nvd
CVE-2024-6443 | P4 | MEDIUM | CVSS 6.5 | CWE-125 | ≥ *, ≤ 3.6 | 2024-10-04
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
nvd
CVE-2024-5931 | P4 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ *, ≤ 3.6 | 2024-09-13
BT: Unchecked user input in bap_broadcast_assistant
nvd
CVE-2025-12890 | P4 | MEDIUM | CVSS 6.5 | CWE-703 | ≥ *, ≤ 4.1 | 2025-11-07
Improper handling of a malformed Connection Request with the interval set to 1 (which is supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.
nvd
CVE-2020-10059 | P4 | MEDIUM | CVSS 4.8 | CWE-295 | ≥ 2.1.0, < unspecified; ≥ 2.2.0, < unspecified | 2020-05-11
The UpdateHub module disables DTLS peer checking, which allows for a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
nvd
CVE-2020-10069 | P4 | MEDIUM | CVSS 6.5 | CWE-233 | ≥ v1.14.2, < unspecified; ≥ v2.2.0, < unspecified | 2021-05-25
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp
nvd
CVE-2020-10068 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 2.2.0, < unspecified; ≥ 1.14.0, < unspecified | 2020-06-05
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
nvd
CVE-2020-10072 | P4 | MEDIUM | CVSS 5.3 | CWE-280 | ≥ v1.14.2, < unspecified; ≥ v2.2.0, < unspecified | 2021-05-25
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc
nvd
CVE-2026-10645 | P4 | MEDIUM | CVSS 4.9 | CWE-125 | ≥ *, ≤ 4.4 | 2026-06-23
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), the code only checks de_name_len <= EXT2_MAX_FILE_NAME and then copies the name with memcpy without validating the structural relationshi
nvd
CVE-2021-3322 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | ≥ >=2.4.0, < unspecified | 2021-10-12
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
nvd
CVE-2023-0397 | P4 | MEDIUM | CVSS 6.5 | CWE-703 | ≥ unspecified, ≤ v3.2 | 2023-01-19
A malicious or defective Bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
nvd
CVE-2020-13602 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | ≥ 1.14.2, < unspecified; ≥ 2.2.0, < unspecified | 2021-05-25
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh
nvd
CVE-2020-10066 | P4 | MEDIUM | CVSS 5.7 | CWE-476 | ≥ v1.14.2, < unspecified; ≥ v2.2.0, < unspecified | 2021-05-25
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr
nvd
CVE-2022-0553 | P4 | MEDIUM | CVSS 4.6 | CWE-200 | ≥ unspecified, ≤ v3.0 | 2023-01-11
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
nvd