CVE-2023-4258 – bt: mesh: vulnerability in provisioning protocol implementation on provisionee side
https://notcve.org/view.php?id=CVE-2023-4258
In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning that same key can be sent back to the provisionee and will be accepted by it. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7 • CWE-684: Incorrect Provision of Specified Functionality •
CVE-2023-4265 – Buffer overflow in Zephyr USB
https://notcve.org/view.php?id=CVE-2023-4265
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-1901 – HCI send_sync Dangling Semaphore Reference Re-use
https://notcve.org/view.php?id=CVE-2023-1901
Because the Bluetooth HCI host layer logic does not clear a global reference to a semaphore after synchronously sending HCI commands, a malicious HCI Controller may cause the host layer to use a dangling reference, leading to a crash (DoS) or potential RCE in the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3 • CWE-672: Operation on a Resource after Expiration or Release CWE-787: Out-of-bounds Write •
CVE-2023-2234 – BT HCI host union variant confusion
https://notcve.org/view.php?id=CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-1902 – HCI Connection Creation Dangling State Reference Re-use
https://notcve.org/view.php?id=CVE-2023-1902
Because the Bluetooth HCI host layer logic does not clear a global reference to a state pointer after handling connection events, a malicious HCI Controller may cause the host layer to use a dangling reference, leading to a crash (DoS) or potential RCE in the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-416: Use After Free CWE-672: Operation on a Resource after Expiration or Release •