5 matches found
CVE-2026-10641
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
CVE-2026-10641 Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
EUVD-2026-37702
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
CVE-2022-20229
In btahfclienthandlecindlistitem of btahfclientat.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...
CVE-2022-20229
In btahfclienthandlecindlistitem of btahfclientat.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...