Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2962 | 1 Zephyrproject | 1 Zephyr | 2025-10-30 | N/A | 7.5 HIGH |
| A denial-of-service issue in the dns implemenation could cause an infinite loop. | |||||
| CVE-2025-10457 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 4.3 MEDIUM |
| The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching. | |||||
| CVE-2025-10456 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.1 HIGH |
| A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation. | |||||
| CVE-2025-10458 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.6 HIGH |
| Parameters are not validated or sanitized, and are later used in various internal operations. | |||||
| CVE-2025-7403 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.6 HIGH |
| Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption. | |||||
| CVE-2024-10395 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 8.6 HIGH |
| No proper validation of the length of user input in http_server_get_content_type_from_extension. | |||||
| CVE-2024-5754 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 8.2 HIGH |
| BT: Encryption procedure host vulnerability | |||||
| CVE-2024-8798 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.5 HIGH |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||||
| CVE-2024-6259 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | |||||
| CVE-2024-6258 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.8 MEDIUM |
| BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
| CVE-2024-6137 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: Classic: SDP OOB access in get_att_search_list | |||||
| CVE-2024-5931 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.3 MEDIUM |
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2024-4785 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||||
| CVE-2025-20696 | 6 Google, Linuxfoundation, Mediatek and 3 more | 37 Android, Yocto, Mt6739 and 34 more | 2025-08-18 | N/A | 6.8 MEDIUM |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801. | |||||
| CVE-2022-2993 | 1 Zephyrproject | 1 Zephyr | 2025-04-22 | N/A | 8.6 HIGH |
| There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | |||||
| CVE-2023-0396 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | N/A | 6.8 MEDIUM |
| A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. | |||||
| CVE-2022-3806 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | N/A | 9.8 CRITICAL |
| Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. | |||||
| CVE-2023-7060 | 1 Zephyrproject | 1 Zephyr | 2025-03-27 | N/A | 8.6 HIGH |
| Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | |||||
| CVE-2025-1673 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | N/A | 8.2 HIGH |
| A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. | |||||
| CVE-2025-1674 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | N/A | 8.2 HIGH |
| A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. | |||||