Lucene search

ZephyrCVELIST:CVE-2024-6137

HistorySep 13, 2024 - 8:06 p.m.

CVE-2024-6137 BT: Classic: SDP OOB access in get_att_search_list

2024-09-1320:06:45

CWE-787

CWE-20

CWE-121

zephyr

www.cve.org

bluetooth classic out-of-band access cve-2024-6137 oob get att search list

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

Percentile

13.5%

JSON

BT: Classic: SDP OOB access in get_att_search_list

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.6",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

Percentile

13.5%

JSON

Related for CVELIST:CVE-2024-6137