HCI send_sync Dangling Semaphore Reference Re-use
CVE-2023-1901

8HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 10 July 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-1901?

A vulnerability in the Bluetooth HCI host layer within the Zephyr Project arises from improper clearing of a global reference to a semaphore after HCI commands are sent. This flaw can be exploited by a malicious HCI controller, potentially leading to the use of a dangling reference within the host layer. Such exploitation can result in a denial-of-service condition or even facilitate remote code execution, posing significant risks to the affected systems.

Affected Version(s)

Zephyr * <= 3.3

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Apr 5, 2023