78 matches found
CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250
CVE-2024-47250 affects Apache NimBLE (through 1.7.0). The issue is an out-of-bounds read caused by missing validation of the HCI advertising report, which can trigger out-of-bound access while parsing HCI events and may generate bogus GAP “device found” events. The vulnerability requires a broken...
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
CVE-2024-47249
CVE-2024-47249 affects Apache NimBLE up to version 1.7.0. The issue is improper validation of array indices for HCI events from the Bluetooth controller, which can cause out-of-bounds memory corruption and crashes. Upgrading to NimBLE 1.8.0 is recommended and fixes the issue. No exploitation deta...
PT-2024-34712 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of HCI Number Of Completed Packets, which could lead to out-of-bound access when...
PT-2024-32494 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is related to improper validation of array indices in Apache NimBLE, which could result in out-of-bound memory corruption and crash due to lack of input validation for HCI events fro...
CVE-2024-38408 Cryptographic Issues in BT Controller
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions...
UBUNTU-CVE-2024-35851
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a...
CVE-2024-27225
In sendHciCommand of bluetoothhci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that arises from an improperly restricted operation within a memory buffer range in the BT Controller...
CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr that originates from allowing any malicious BT controller to execute arbitrary code on the host...
PT-2023-18442 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue allows any malicious Bluetooth controller to execute arbitrary code on the Zephyr host due to union variant confusion. Recommendations: At the moment, there is no information about...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.4.0, which stems from invalid ACLMTU packets not being handled correctly during HCI host stack initialization, and which can be exploited by an attacker...
Zephyr Buffer Error Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr 3.2 and earlier versions, which stems from a malicious/flawed Bluetooth controller that causes buffer rereads to occur in most functions that handle HCI command...
CVE-2023-0397
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete...
Design/Logic Flaw
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete...