CVE-2022-3806 Bluetooth HCI Error Handling Double Free

2023-01-1900:00:00

CWE-415

zephyr

www.cve.org

cve-2022-3806

bluetooth

error handling

double free

network buffer

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.

CNA Affected

[
  {
    "vendor": "zephyrproject-rtos",
    "product": "zephyr",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "v3.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3