CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1902 – HCI Connection Creation Dangling State Reference Re-use
https://notcve.org/view.php?id=CVE-2023-1902
10 Jul 2023 — The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-416: Use After Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0359 – ipv6: Missing ipv6 nullptr-check in handle_ra_input
https://notcve.org/view.php?id=CVE-2023-0359
10 Jul 2023 — A missing nullptr-check in handle_ra_input can cause a nullptr-deref. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0779 – net: shell: Improper input validation
https://notcve.org/view.php?id=CVE-2023-0779
30 May 2023 — At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3329 – DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer
https://notcve.org/view.php?id=CVE-2021-3329
26 Feb 2023 — Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack • https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-117 • CWE-665: Improper Initialization CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3806 – Bluetooth HCI Error Handling Double Free
https://notcve.org/view.php?id=CVE-2022-3806
19 Jan 2023 — Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. El manejo inconsistente de los casos de error en bluetooth hci puede provocar una condición doblemente libre de un búfer de red. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0396 – Buffer Overreads in Bluetooth HCI
https://notcve.org/view.php?id=CVE-2023-0396
19 Jan 2023 — A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Un controlador Bluetooth malicioso o defectuoso puede provocar sobrelecturas del búfer en la mayoría de las funciones que procesan respuestas de comandos HCI. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0397 – DoS: Invalid Initialization in le_read_buffer_size_complete
https://notcve.org/view.php?id=CVE-2023-0397
19 Jan 2023 — A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. Un controlador bluetooth malicioso o defectuoso puede provocar una denegación de servicio debido a una entrada no marcada en le_read_buffer_size_complete. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj • CWE-665: Improper Initialization CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3966 – Usb bluetooth device ACL read cb buffer overflow
https://notcve.org/view.php?id=CVE-2021-3966
11 Jan 2023 — usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. La clase bluetooth del dispositivo USB incluye un desbordamiento de búfer relacionado con la implementación de net_buf_add_mem. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0553 – Possible to retrieve uncrypted firmware image
https://notcve.org/view.php?id=CVE-2022-0553
11 Jan 2023 — There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2993 – bt: host: Wrong key validation check
https://notcve.org/view.php?id=CVE-2022-2993
09 Dec 2022 — There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. Hay un error en la condición de la última declaración if en la función smp_check_keys. Rechazaba las claves actuales si no se cumplían todos los requisitos. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr •