CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2234 – BT HCI host union variant confusion
https://notcve.org/view.php?id=CVE-2023-2234
10 Jul 2023 — Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1902 – HCI Connection Creation Dangling State Reference Re-use
https://notcve.org/view.php?id=CVE-2023-1902
10 Jul 2023 — The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-416: Use After Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0359 – ipv6: Missing ipv6 nullptr-check in handle_ra_input
https://notcve.org/view.php?id=CVE-2023-0359
10 Jul 2023 — A missing nullptr-check in handle_ra_input can cause a nullptr-deref. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0779 – net: shell: Improper input validation
https://notcve.org/view.php?id=CVE-2023-0779
30 May 2023 — At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0397 – DoS: Invalid Initialization in le_read_buffer_size_complete
https://notcve.org/view.php?id=CVE-2023-0397
19 Jan 2023 — A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. Un controlador bluetooth malicioso o defectuoso puede provocar una denegación de servicio debido a una entrada no marcada en le_read_buffer_size_complete. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj • CWE-665: Improper Initialization CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0396 – Buffer Overreads in Bluetooth HCI
https://notcve.org/view.php?id=CVE-2023-0396
19 Jan 2023 — A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Un controlador Bluetooth malicioso o defectuoso puede provocar sobrelecturas del búfer en la mayoría de las funciones que procesan respuestas de comandos HCI. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3806 – Bluetooth HCI Error Handling Double Free
https://notcve.org/view.php?id=CVE-2022-3806
19 Jan 2023 — Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. El manejo inconsistente de los casos de error en bluetooth hci puede provocar una condición doblemente libre de un búfer de red. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2993 – bt: host: Wrong key validation check
https://notcve.org/view.php?id=CVE-2022-2993
09 Dec 2022 — There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. Hay un error en la condición de la última declaración if en la función smp_check_keys. Rechazaba las claves actuales si no se cumplían todos los requisitos. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2741 – can: denial-of-service can be triggered by a crafted CAN frame
https://notcve.org/view.php?id=CVE-2022-2741
31 Oct 2022 — The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). La denegación de servicio puede activarse transmiti... • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1841 – Out-of-bound write in tcp_flags
https://notcve.org/view.php?id=CVE-2022-1841
31 Aug 2022 — In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. En el archivo subsys/net/ip/tcp.c, la función tcp_flags , cuando el parámetro entrante flags es ECN o CWR , el buf escribirá fuera de límites un byte cero • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh • CWE-787: Out-of-bounds Write •