CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3806 – Bluetooth HCI Error Handling Double Free
https://notcve.org/view.php?id=CVE-2022-3806
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. El manejo inconsistente de los casos de error en bluetooth hci puede provocar una condición doblemente libre de un búfer de red. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 • CWE-415: Double Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3966 – Usb bluetooth device ACL read cb buffer overflow
https://notcve.org/view.php?id=CVE-2021-3966
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. La clase bluetooth del dispositivo USB incluye un desbordamiento de búfer relacionado con la implementación de net_buf_add_mem. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0553 – Possible to retrieve uncrypted firmware image
https://notcve.org/view.php?id=CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2993 – bt: host: Wrong key validation check
https://notcve.org/view.php?id=CVE-2022-2993
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. Hay un error en la condición de la última declaración if en la función smp_check_keys. Rechazaba las claves actuales si no se cumplían todos los requisitos. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2741 – can: denial-of-service can be triggered by a crafted CAN frame
https://notcve.org/view.php?id=CVE-2022-2741
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). La denegación de servicio puede activarse transmitiendo un frame CAN cuidadosamente manipulada en la misma red CAN que el nodo vulnerable. El frame debe tener una ID CAN que coincida con un filtro instalado en el nodo vulnerable (esto se puede adivinar fácilmente basándose en los análisis de tráfico CAN). • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 • CWE-400: Uncontrolled Resource Consumption •