CVE-2024-6137 - Vulnerability Details - OpenCVE

ReportizFlow

BT: Classic: SDP OOB access in get_att_search_list

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Zephyrproject	Zephyr
Zephyrproject-rtos	Zephyr

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f

History

Wed, 17 Sep 2025 06:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Thu, 19 Sep 2024 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zephyrproject Zephyrproject zephyr
CPEs		cpe:2.3:o:zephyrproject:zephyr::::::::
Vendors & Products		Zephyrproject Zephyrproject zephyr

Mon, 16 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zephyrproject-rtos Zephyrproject-rtos zephyr
CPEs		cpe:2.3:o:zephyrproject-rtos:zephyr::::::::
Vendors & Products		Zephyrproject-rtos Zephyrproject-rtos zephyr
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Sep 2024 20:15:00 +0000

Type	Values Removed	Values Added
Description		BT: Classic: SDP OOB access in get_att_search_list
Title		BT: Classic: SDP OOB access in get_att_search_list
Weaknesses		CWE-121 CWE-20 CWE-787
References		https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2024-09-13T20:06:45.347Z

Updated: 2025-09-17T14:09:15.467Z

Reserved: 2024-06-18T18:47:56.163Z

Link: CVE-2024-6137

Vulnrichment

Updated: 2024-09-16T14:44:28.535Z

NVD

Status : Modified

Published: 2024-09-13T20:15:03.403

Modified: 2025-09-17T06:15:39.837

Link: CVE-2024-6137

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6137", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "state": "PUBLISHED", "assignerShortName": "zephyr", "dateReserved": "2024-06-18T18:47:56.163Z", "datePublished": "2024-09-13T20:06:45.347Z", "dateUpdated": "2025-09-17T14:09:15.467Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Zephyr", "product": "Zephyr", "repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThanOrEqual": "3.6", "status": "affected", "version": "*", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "BT: Classic: SDP OOB access in get_att_search_list"}], "value": "BT: Classic: SDP OOB access in get_att_search_list"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2025-09-17T05:16:19.471Z"}, "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f"}], "source": {"discovery": "UNKNOWN"}, "title": "BT: Classic: SDP OOB access in get_att_search_list", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "zephyrproject-rtos", "product": "zephyr", "cpes": ["cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T14:41:38.967851Z", "id": "CVE-2024-6137", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T14:09:15.467Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6137", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T14:41:38.967851Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*"], "vendor": "zephyrproject-rtos", "product": "zephyr", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T14:44:28.535Z"}}], "cna": {"title": "BT: Classic: SDP OOB access in get_att_search_list", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "product": "Zephyr", "versions": [{"status": "affected", "version": "*", "versionType": "git", "lessThanOrEqual": "3.6"}], "packageName": "Zephyr", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-pm38-7g85-cf4f"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "BT: Classic: SDP OOB access in get_att_search_list", "supportingMedia": [{"type": "text/html", "value": "BT: Classic: SDP OOB access in get_att_search_list", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr", "dateUpdated": "2025-09-17T05:16:19.471Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6137", "state": "PUBLISHED", "dateUpdated": "2025-09-17T14:09:15.467Z", "dateReserved": "2024-06-18T18:47:56.163Z", "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "datePublished": "2024-09-13T20:06:45.347Z", "assignerShortName": "zephyr"}, "dataVersion": "5.1"}