CVE-2022-3806 – Bluetooth HCI Error Handling Double Free
https://notcve.org/view.php?id=CVE-2022-3806
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. El manejo inconsistente de los casos de error en bluetooth hci puede provocar una condición doblemente libre de un búfer de red. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3 • CWE-415: Double Free •
CVE-2022-2993 – bt: host: Wrong key validation check
https://notcve.org/view.php?id=CVE-2022-2993
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. Hay un error en la condición de la última declaración if en la función smp_check_keys. Rechazaba las claves actuales si no se cumplían todos los requisitos. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3286-jgjx-8cvr •
CVE-2022-2741 – can: denial-of-service can be triggered by a crafted CAN frame
https://notcve.org/view.php?id=CVE-2022-2741
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). La denegación de servicio puede activarse transmitiendo un frame CAN cuidadosamente manipulada en la misma red CAN que el nodo vulnerable. El frame debe tener una ID CAN que coincida con un filtro instalado en el nodo vulnerable (esto se puede adivinar fácilmente basándose en los análisis de tráfico CAN). • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-1841 – Out-of-bound write in tcp_flags
https://notcve.org/view.php?id=CVE-2022-1841
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. En el archivo subsys/net/ip/tcp.c, la función tcp_flags , cuando el parámetro entrante flags es ECN o CWR , el buf escribirá fuera de límites un byte cero • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5c3j-p8cr-2pgh • CWE-787: Out-of-bounds Write •
CVE-2022-1042 – Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
https://notcve.org/view.php?id=CVE-2022-1042
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. En Zephyr bluetooth mesh core stack, puede desencadenarse una vulnerabilidad de escritura fuera de límites durante el aprovisionamiento. • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j7v7-w73r-mm5x • CWE-787: Out-of-bounds Write •