CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2234 – BT HCI host union variant confusion
https://notcve.org/view.php?id=CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1902 – HCI Connection Creation Dangling State Reference Re-use
https://notcve.org/view.php?id=CVE-2023-1902
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0359 – ipv6: Missing ipv6 nullptr-check in handle_ra_input
https://notcve.org/view.php?id=CVE-2023-0359
A missing nullptr-check in handle_ra_input can cause a nullptr-deref. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c7fq-vqm6-v5pf • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0779 – net: shell: Improper input validation
https://notcve.org/view.php?id=CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0396 – Buffer Overreads in Bluetooth HCI
https://notcve.org/view.php?id=CVE-2023-0396
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. Un controlador Bluetooth malicioso o defectuoso puede provocar sobrelecturas del búfer en la mayoría de las funciones que procesan respuestas de comandos HCI. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •