Zephyrproject: >> Zephyr >> 3.6.0 Security Vulnerabilities
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
CVSS Score
9.3
EPSS Score
0.0
Published
2024-11-15
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-10-04
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-10-04
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-10-04
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVSS Score
7.6
EPSS Score
0.002
Published
2024-09-13
BT: Unchecked user input in bap_broadcast_assistant
CVSS Score
6.3
EPSS Score
0.001
Published
2024-09-13
BT:Classic: Multiple missing buf length checks
CVSS Score
7.6
EPSS Score
0.002
Published
2024-09-13
BT: Classic: SDP OOB access in get_att_search_list
CVSS Score
7.6
EPSS Score
0.002
Published
2024-09-13
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
CVSS Score
7.6
EPSS Score
0.002
Published
2024-08-19
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device
CVSS Score
6.5
EPSS Score
0.002
Published
2024-07-03