Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/28 5:16 a.m.10 views

CVE-2026-10593

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00185EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/28 4:28 a.m.6 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:28 a.m.12 views

CVE-2026-10593

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS5.8AI score0.00185EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/28 4:28 a.m.24 views

CVE-2026-10593

The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/28 4:28 a.m.46 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00185EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.17 views

PT-2026-53091

Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.3.0 Zephyr version 4.3.0 Zephyr version 4.4.0 Description The Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles state notifications supplied by a peer. In the unicast client ep qos state function...

6.5CVSS6.1AI score0.00185EPSS
Exploits1References8
Rows per page
Query Builder