Zephyrproject Zephyr vulnerabilities
114 known vulnerabilities affecting zephyrproject/zephyr.
Total CVEs: 114
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 22, HIGH 52, MEDIUM 37, LOW 3
Vulnerabilities
Page 2 of 6
CVE-2024-6444 [MEDIUM] CVSS 6.5 | CWE-122 | ≤ 3.6.0 | 2024-10-04
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
nvd
CVE-2024-6442 [MEDIUM] CVSS 6.5 | CWE-787 | ≤ 3.6.0 | 2024-10-04
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
nvd
CVE-2024-6137 [MEDIUM] CVSS 6.5 | CWE-121 | ≤ 3.6.0 | 2024-09-13
BT: Classic: SDP OOB access in get_att_search_list
nvd
CVE-2024-6259 [MEDIUM] CVSS 6.5 | CWE-122 | ≤ 3.6.0 | 2024-09-13
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
nvd
CVE-2024-6258 [MEDIUM] CVSS 6.5 | CWE-122 | fixed in 3.6.0 | 2024-09-13
BT: Missing length checks of net_buf in rfcomm_handle_data
nvd
CVE-2024-5931 [MEDIUM] CVSS 6.5 | CWE-121 | ≤ 3.6.0 | 2024-09-13
BT: Unchecked user input in bap_broadcast_assistant
nvd
CVE-2024-4785 [MEDIUM] CVSS 6.5 | CWE-369 | fixed in 3.7.0 | 2024-08-19
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
nvd
CVE-2024-3332 [MEDIUM] CVSS 6.5 | CWE-476 | ≤ 3.6.0 | 2024-07-03
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
nvd
CVE-2024-3077 [MEDIUM] CVSS 6.5 | CWE-126 | ≤ 3.6.0 | 2024-03-29
A malicious BLE device can crash a victim BLE device by sending a malformed GATT packet
nvd
CVE-2023-7060 [HIGH] CVSS 7.5 | CWE-20 | fixed in 3.6.0 | 2024-03-15
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
nvd
CVE-2024-1638 [CRITICAL] CVSS 9.1 | CWE-20 | ≤ 3.5.0 | 2024-02-19
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_
nvd
CVE-2023-6749 [CRITICAL] CVSS 9.8 | CWE-121 | ≤ 3.5.0 | 2024-02-18
Unchecked length coming from user input in settings shell
nvd
CVE-2023-5055 [CRITICAL] CVSS 9.8 | ≤ 3.4.0 | 2023-11-21
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
nvd
CVE-2023-4424 [HIGH] CVSS 8.8 | CWE-190 | ≤ 3.4.0 | 2023-11-21
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
nvd
CVE-2023-5139 [HIGH] CVSS 7.8 | CWE-120 | ≤ 3.4.0 | 2023-10-26
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
nvd
CVE-2023-5753 [HIGH] CVSS 8.8 | CWE-120 | ≤ 3.4.0 | 2023-10-25
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
nvd
CVE-2023-4257 [CRITICAL] CVSS 9.8 | CWE-120 | ≤ 3.4.0 | 2023-10-13
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
nvd
CVE-2023-4263 [HIGH] CVSS 8.8 | CWE-120 | ≤ 3.4.0 | 2023-10-13
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
nvd
CVE-2023-5563 [HIGH] CVSS 7.5 | CWE-703 | ≤ 3.4.0 | 2023-10-13
The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
nvd
CVE-2023-3725 [CRITICAL] CVSS 9.8 | CWE-120 | ≤ 3.4.0 | 2023-10-06
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
nvd