Multiple vulnerabilities in Zephyr
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-0397 CVE-2023-0396 CVE-2022-3806 |
| CWE-ID | CWE-703 CWE-119 CWE-415 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Zephyr Operating systems & Components / Operating system |
| Vendor | Zephyr Project |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper Check or Handling of Exceptional Conditions
EUVDB-ID: #VU71417
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-0397
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked input in le_read_buffer_size_complete. An attacker with physical access can use a defect bluetooth controller and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsZephyr: 1.0.0 - 3.2.0
CPE2.3- cpe:2.3:o:zephyr_project:zephyr:1.0.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.1.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.2.0:*:*:*:*:*:*:
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU71418
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-0396
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the most functions that process HCI command responses. An attacker with physical access can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsZephyr: 1.0.0 - 3.2.0
CPE2.3- cpe:2.3:o:zephyr_project:zephyr:1.0.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.1.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.2.0:*:*:*:*:*:*:
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8rpp-6vxq-pqg3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Double Free
EUVDB-ID: #VU71419
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-3806
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in bluetooth hci. An attacker with physical access can trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsZephyr: 1.0.0 - 3.2.0
CPE2.3- cpe:2.3:o:zephyr_project:zephyr:1.0.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.1.0:*:*:*:*:*:*:
- cpe:2.3:o:zephyr_project:zephyr:1.2.0:*:*:*:*:*:*:
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w525-fm68-ppq3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
