Zephyr Security Vulnerabilities and Issues — Zephyr CVE List

Lucene search

ZephyrprojectZephyr

15 matches found

CVE•added 2020/06/05 6:15 p.m.•98 views

CVE-2020-10068

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

6.5CVSS5.8AI score0.00075EPSS

CVE•added 2023/01/25 2:2 a.m.•57 views

CVE-2023-0396

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.

6.8CVSS6.8AI score0.00047EPSS

CVE•added 2020/05/11 11:15 p.m.•54 views

CVE-2020-10023

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.1...

6.9CVSS7.1AI score0.00099EPSS

CVE•added 2024/03/29 5:15 a.m.•48 views

CVE-2024-3077

An malicious BLE device can crash BLE victim device by sending malformed gatt packet

6.8CVSS6.6AI score0.00193EPSS

CVE•added 2024/09/13 8:15 p.m.•46 views

CVE-2024-5931

BT: Unchecked user input in bap_broadcast_assistant

6.5CVSS6.3AI score0.00077EPSS

CVE•added 2024/07/03 5:15 p.m.•44 views

CVE-2024-3332

A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device

6.5CVSS6.4AI score0.0011EPSS

CVE•added 2023/08/12 11:15 p.m.•43 views

CVE-2023-4265

Potential buffer overflow vulnerabilities in the following locations:https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359https://github.com/zephyrproj...

6.8CVSS6.9AI score0.00301EPSS

CVE•added 2024/10/04 6:15 a.m.•42 views

CVE-2024-6442

In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.

6.5CVSS6.3AI score0.00067EPSS

CVE•added 2024/10/04 7:15 a.m.•41 views

CVE-2024-6444

No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.

6.5CVSS6.3AI score0.00067EPSS

CVE•added 2024/09/13 7:15 p.m.•40 views

CVE-2024-6258

BT: Missing length checks of net_buf in rfcomm_handle_data

6.8CVSS6.5AI score0.00078EPSS

CVE•added 2024/10/04 6:15 a.m.•38 views

CVE-2024-6443

In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.

6.5CVSS6.3AI score0.00073EPSS

CVE•added 2021/10/05 9:15 p.m.•36 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyr...

6.5CVSS5.5AI score0.00315EPSS

CVE•added 2021/10/12 10:15 p.m.•35 views

CVE-2021-3322

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

6.5CVSS6.5AI score0.00095EPSS

CVE•added 2021/05/25 5:15 p.m.•33 views

CVE-2020-10069

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp

6.5CVSS5.4AI score0.00095EPSS

CVE•added 2023/01/11 4:15 a.m.•33 views

CVE-2022-0553

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

6.5CVSS5AI score0.00021EPSS