Zephyr
CVEs (141)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3329 | | | 0.00 | — | 0.01 | | Feb 26, 2023 | Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack |
| CVE-2022-3806 | | | 0.00 | — | 0.01 | | Jan 19, 2023 | Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. |
| CVE-2023-0396 | | | 0.00 | — | 0.00 | | Jan 19, 2023 | A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. |
| CVE-2023-0397 | | | 0.00 | — | 0.00 | | Jan 19, 2023 | A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. |
| CVE-2021-3966 | | | 0.00 | — | 0.00 | | Jan 11, 2023 | usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. |
| CVE-2022-0553 | | | 0.00 | — | 0.00 | | Jan 11, 2023 | There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. |
| CVE-2022-2993 | | | 0.00 | — | 0.01 | | Dec 12, 2022 | There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. |
| CVE-2022-2741 | | | 0.00 | — | 0.01 | | Oct 31, 2022 | The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The… |
| CVE-2022-1841 | | | 0.00 | — | 0.00 | | Aug 31, 2022 | In subsys/net/ip/tcp.c, function tcp_flags, when the incoming parameter flags is ECN or CWR, the buf will out-of-bounds write a byte zero. |
| CVE-2022-1042 | | | 0.00 | — | 0.01 | | Jul 26, 2022 | In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. |
| CVE-2022-1041 | | | 0.00 | — | 0.01 | | Jul 26, 2022 | In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. |
| CVE-2021-3435 | | | 0.00 | — | 0.00 | | Jun 28, 2022 | Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh |
| CVE-2021-3434 | | | 0.00 | — | 0.00 | | Jun 28, 2022 | Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm |
| CVE-2021-3433 | | | 0.00 | — | 0.00 | | Jun 28, 2022 | Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp |
| CVE-2021-3432 | | | 0.00 | — | 0.01 | | Jun 28, 2022 | Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 |
| CVE-2021-3431 | | | 0.00 | — | 0.01 | | Jun 28, 2022 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 |
| CVE-2021-3430 | | | 0.00 | — | 0.01 | | Jun 28, 2022 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr |
| CVE-2021-3861 | | | 0.00 | — | 0.00 | | Feb 7, 2022 | The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj |
| CVE-2021-3835 | | | 0.00 | — | 0.01 | | Feb 7, 2022 | Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf |
| CVE-2021-3454 | | | 0.00 | — | 0.01 | | Oct 19, 2021 | Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/G… |