Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20746 | 6 Google, Linuxfoundation, Mediatek and 3 more | 23 Android, Yocto, Mt2718 and 20 more | 2025-11-05 | N/A | 6.7 MEDIUM |
| In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967. | |||||
| CVE-2025-20747 | 6 Google, Linuxfoundation, Mediatek and 3 more | 23 Android, Yocto, Mt2718 and 20 more | 2025-11-05 | N/A | 6.7 MEDIUM |
| In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966. | |||||
| CVE-2025-2962 | 1 Zephyrproject | 1 Zephyr | 2025-10-30 | N/A | 7.5 HIGH |
| A denial-of-service issue in the dns implemenation could cause an infinite loop. | |||||
| CVE-2025-10457 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 4.3 MEDIUM |
| The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching. | |||||
| CVE-2025-10456 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.1 HIGH |
| A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation. | |||||
| CVE-2025-10458 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.6 HIGH |
| Parameters are not validated or sanitized, and are later used in various internal operations. | |||||
| CVE-2025-7403 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.6 HIGH |
| Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption. | |||||
| CVE-2024-10395 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 8.6 HIGH |
| No proper validation of the length of user input in http_server_get_content_type_from_extension. | |||||
| CVE-2024-5754 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 8.2 HIGH |
| BT: Encryption procedure host vulnerability | |||||
| CVE-2024-8798 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.5 HIGH |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||||
| CVE-2024-6259 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | |||||
| CVE-2024-6258 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.8 MEDIUM |
| BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
| CVE-2024-6137 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: Classic: SDP OOB access in get_att_search_list | |||||
| CVE-2024-5931 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.3 MEDIUM |
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2024-4785 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 7.6 HIGH |
| BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||||
| CVE-2025-20696 | 6 Google, Linuxfoundation, Mediatek and 3 more | 37 Android, Yocto, Mt6739 and 34 more | 2025-08-18 | N/A | 6.8 MEDIUM |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801. | |||||
| CVE-2022-1822 | 1 Zephyrproject | 1 Zephyr | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2022-2993 | 1 Zephyrproject | 1 Zephyr | 2025-04-22 | N/A | 8.6 HIGH |
| There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | |||||
| CVE-2023-0396 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | N/A | 6.8 MEDIUM |
| A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. | |||||
| CVE-2022-3806 | 1 Zephyrproject | 1 Zephyr | 2025-04-03 | N/A | 9.8 CRITICAL |
| Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. | |||||