Buffer Overflow Vulnerability in Mbed OS by Arm
CVE-2024-48984


Key Information:

Vendor: Arm
Status: Vendor
CVE Published: 20 November 2024

Summary

A buffer overflow vulnerability has been identified in Mbed OS 6.16.0, where the HCI parsing logic fails to validate the integrity of report data. While processing HCI reports, the software reads length bytes embedded in the report itself and uses them to size the buffer for each report. That embedded length is not checked against the boundaries of the memory it is copied into, nor against the bytes actually remaining in the packet, so a crafted report carrying an inconsistent length field can cause writes beyond the allocated buffer and reads past the end of the packet. The result is memory corruption and out-of-bounds data access; an attacker able to get crafted report data to the HCI parser could at minimum crash the device, and possibly corrupt adjacent state, without any further validation stopping the copy.
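The pattern the summary describes, as an added example that is not Mbed OS code and does not reproduce the affected parser: a constructed HCI-style event layout (one-byte report count, then per-report length byte plus data) with the vulnerable parser that trusts the embedded length beside a checked version that bounds it against both the destination field and the remaining packet. The layout, the MAX_REPORT_DATA cap, the function names and the sample packets are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed event layout for this example (hypothetical; not the Mbed OS
 * HCI definitions): a one-byte report count, then that many reports, each a
 * one-byte data length followed by that many data bytes. */
#define MAX_REPORTS     4
#define MAX_REPORT_DATA 31      /* assumption: advertising payload cap */

struct report {
    uint8_t len;
    uint8_t data[MAX_REPORT_DATA];
};

/* Vulnerable pattern: the per-report length byte is read from the packet and
 * trusted both to bound the copy into the fixed-size field and to advance
 * through the packet. A length larger than MAX_REPORT_DATA writes past
 * out[i].data; a length larger than the remaining packet reads past pkt. */
int parse_reports_vulnerable(const uint8_t *pkt, size_t pkt_len,
                             struct report *out, size_t max_out)
{
    if (pkt_len < 1)
        return -1;
    uint8_t count = pkt[0];
    const uint8_t *p = pkt + 1;
    for (size_t i = 0; i < count && i < max_out; i++) {
        uint8_t len = *p++;               /* attacker-influenced */
        out[i].len = len;
        memcpy(out[i].data, p, len);      /* no check against sizeof data or pkt_len */
        p += len;
    }
    return (int)count;
}

/* Hardened version: every embedded length is checked against the destination
 * field and against the bytes still left in the packet before any copy.
 * Returns the number of reports parsed, or -1 for a malformed packet. */
int parse_reports_checked(const uint8_t *pkt, size_t pkt_len,
                          struct report *out, size_t max_out)
{
    if (pkt == NULL || out == NULL || pkt_len < 1)
        return -1;
    uint8_t count = pkt[0];
    if (count > max_out)
        return -1;                        /* more reports than we can hold */
    size_t off = 1;
    for (size_t i = 0; i < count; i++) {
        if (off >= pkt_len)
            return -1;                    /* no room for the length byte */
        uint8_t len = pkt[off++];
        if (len > MAX_REPORT_DATA)
            return -1;                    /* would overflow out[i].data */
        if (len > pkt_len - off)
            return -1;                    /* would read past the packet */
        out[i].len = len;
        memcpy(out[i].data, pkt + off, len);
        off += len;
    }
    if (off != pkt_len)
        return -1;                        /* trailing bytes: treat as malformed */
    return (int)count;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[] = {
    0x02,                         /* two reports */
    0x03, 0x02, 0x01, 0x06,       /* report 0: len 3 (a flags AD structure) */
    0x02, 0xAA, 0xBB              /* report 1: len 2 */
};
/* Length byte 0xFF with only three bytes behind it: the vulnerable parser
 * would copy 255 bytes into a 31-byte field and read 252 bytes past the end. */
static const uint8_t bad_pkt[] = { 0x01, 0xFF, 0x02, 0x01, 0x06 };
/* Length 32 with 32 bytes actually present: fits the packet but not the field. */
static const uint8_t oversize_pkt[34] = { 0x01, 0x20 };

static struct report reports[MAX_REPORTS];

int main(void)
{
    printf("good_pkt: %d reports\n",
           parse_reports_checked(good_pkt, sizeof good_pkt, reports, MAX_REPORTS));
    printf("bad_pkt: %d\n",
           parse_reports_checked(bad_pkt, sizeof bad_pkt, reports, MAX_REPORTS));
    printf("oversize_pkt: %d\n",
           parse_reports_checked(oversize_pkt, sizeof oversize_pkt, reports, MAX_REPORTS));
    /* parse_reports_vulnerable(bad_pkt, ...) is deliberately not called here:
     * it would overflow `reports` and read past the end of `bad_pkt`. */
    return 0;
}
```

The two rejections in the checked parser correspond to the two halves of the summary's problem: the length must fit the buffer the report is copied into, and it must fit the bytes left in the packet. Either check alone leaves one of the out-of-bounds accesses reachable.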

Timeline

  • 20 November 2024: Vulnerability published