CVE-2024-11263 – arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
https://notcve.org/view.php?id=CVE-2024-11263
When Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp register points 0x800 bytes past the start of the .sdata section, which the linker then uses to relax accesses to global symbols. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9 • CWE-270: Privilege Context Switching Error
CVE-2024-6444 – Bluetooth: ots: missing buffer length check
https://notcve.org/view.php?id=CVE-2024-6444
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qj4r-chj6-h7qp • CWE-122: Heap-based Buffer Overflow
CVE-2024-6443 – zephyr: out-of-bound read in utf8_trunc
https://notcve.org/view.php?id=CVE-2024-6443
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gg46-3rh2-v765 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write
CVE-2024-6442 – Bluetooth: ASCS Unchecked tailroom of the response buffer
https://notcve.org/view.php?id=CVE-2024-6442
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m22j-ccg7-4v4h • CWE-787: Out-of-bounds Write
CVE-2024-6259 – BT: HCI: adv_ext_report Improper discarding in adv_ext_report
https://notcve.org/view.php?id=CVE-2024-6259
BT: HCI: adv_ext_report Improper discarding in adv_ext_report • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p5j7-v26w-wmcp • CWE-20: Improper Input Validation • CWE-122: Heap-based Buffer Overflow