Zephyr

Source repositories

https://github.com/zephyrproject-rtos/zephyr

CVEs (115)

CVE	CVSS	EPSS	Published	Description
CVE-2023-5139	—	0.00	Oct 26, 2023	Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
CVE-2023-5753	—	0.00	Oct 24, 2023	Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
CVE-2023-4257	—	0.00	Oct 13, 2023	Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
CVE-2023-4263	—	0.00	Oct 13, 2023	Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
CVE-2023-5563	—	0.00	Oct 12, 2023	The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
CVE-2023-3725	—	0.01	Oct 6, 2023	Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVE-2023-5184	—	0.00	Sep 27, 2023	Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
CVE-2023-4260	—	0.00	Sep 26, 2023	Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
CVE-2023-4264	—	0.00	Sep 26, 2023	Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
CVE-2023-4259	—	0.00	Sep 25, 2023	Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
CVE-2023-4258	—	0.00	Sep 25, 2023	In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
CVE-2023-4265	—	0.00	Aug 12, 2023	Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
CVE-2023-1901	—	0.00	Jul 10, 2023	The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-2234	—	0.00	Jul 10, 2023	Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
CVE-2023-1902	—	0.00	Jul 10, 2023	The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-0359	—	0.00	Jul 10, 2023	A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
CVE-2023-0779	—	0.00	May 30, 2023	At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
CVE-2021-3329	—	0.00	Feb 26, 2023	Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
CVE-2023-0397	—	0.00	Jan 19, 2023	A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
CVE-2022-3806	—	0.00	Jan 19, 2023	Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.

Page 3 of 6