ReportizFlow
Filtered by vendor Zephyrproject
Subscriptions
Filtered by product Zephyr
Subscriptions
Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1638 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2025-04-24 | 8.2 High |
| The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read. | ||||
| CVE-2022-2993 | 1 Zephyrproject | 1 Zephyr | 2025-04-22 | 8.6 High |
| There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | ||||
| CVE-2021-3966 | 1 Zephyrproject | 1 Zephyr | 2025-04-09 | 9.6 Critical |
| usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | ||||
| CVE-2022-0553 | 1 Zephyrproject | 1 Zephyr | 2025-04-09 | 6.5 Medium |
| There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. | ||||
| CVE-2023-0396 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | 6.8 Medium |
| A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. | ||||
| CVE-2022-3806 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | 9.8 Critical |
| Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. | ||||
| CVE-2023-0397 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | 9.6 Critical |
| A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. | ||||
| CVE-2023-7060 | 1 Zephyrproject | 1 Zephyr | 2025-03-27 | 8.6 High |
| Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | ||||
| CVE-2021-3329 | 1 Zephyrproject | 1 Zephyr | 2025-03-11 | 9.6 Critical |
| Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | ||||
| CVE-2025-1673 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | 8.2 High |
| A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. | ||||
| CVE-2025-1674 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | 8.2 High |
| A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. | ||||
| CVE-2023-5753 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 6.3 Medium |
| Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c | ||||
| CVE-2023-5184 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7 High |
| Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | ||||
| CVE-2023-5139 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 4.4 Medium |
| Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver | ||||
| CVE-2023-4264 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7.1 High |
| Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. | ||||
| CVE-2023-4260 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 6.3 Medium |
| Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. | ||||
| CVE-2023-4265 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 6.4 Medium |
| Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 | ||||
| CVE-2023-4263 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7.6 High |
| Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | ||||
| CVE-2023-4259 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7.1 High |
| Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | ||||
| CVE-2023-4257 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7.6 High |
| Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | ||||