Buffer Overflow in Mbed OS 6.16.0 by Arm
CVE-2024-48985

7.5 HIGH

Key Information:

Vendor: Arm
Status: Vendor
CVE Published: 20 November 2024

Summary

In Mbed OS 6.16.0, an issue was found in the processing of HCI packets. The software reads two bytes from the packet data to determine the length of the packet body, and then allocates a buffer intended to store the complete packet. If that allocation fails because the requested size is too large, the failure is not handled. The function hciTrSerialRxIncoming then continues to write the incoming data into a temporary 4-byte header buffer, beyond its bounds. This results in a buffer overflow. An attacker can exploit this flaw to achieve arbitrary write capabilities, potentially compromising the integrity of the system by overwriting critical pointers and state variables during the parsing of packet data.
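The missing failure handling described in the summary can be closed by giving the receive state machine an explicit discard state, so that a failed allocation never leaves the parser writing into the header buffer. The C sketch below is an added example, not Mbed OS code: the struct, the function names, the 4-byte header layout (2-byte handle, 2-byte little-endian body length) and the 1024-byte allocation limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN  4u     /* assumed layout: 2-byte handle, 2-byte LE body length */
#define MAX_PKT  1024u  /* assumed pool limit; larger requests fail */

enum rx_state { RX_HEADER, RX_BODY, RX_DROP };
struct rx_ctx {
    enum rx_state state;
    uint8_t hdr[HDR_LEN];        /* temporary header buffer */
    uint8_t *pkt;                /* full packet, NULL until allocated */
    size_t have, need;           /* bytes consumed / expected for this packet */
    unsigned delivered, dropped;
};

/* Stand-in allocator that fails on oversized requests. */
static uint8_t *pkt_alloc(size_t n) { return n > MAX_PKT ? NULL : malloc(n); }
static void rx_reset(struct rx_ctx *c) {
    free(c->pkt);                /* a real stack would hand pkt upward instead */
    c->pkt = NULL; c->state = RX_HEADER; c->have = 0; c->need = HDR_LEN;
}
void rx_init(struct rx_ctx *c) { memset(c, 0, sizeof *c); rx_reset(c); }

/* Consume one byte from the transport. */
void rx_byte(struct rx_ctx *c, uint8_t b) {
    if (c->state == RX_HEADER) {
        c->hdr[c->have++] = b;                    /* have < HDR_LEN in this state */
        if (c->have < HDR_LEN) return;
        c->need = HDR_LEN + ((size_t)c->hdr[2] | ((size_t)c->hdr[3] << 8));
        c->pkt = pkt_alloc(c->need);
        if (c->pkt == NULL) {
            c->state = RX_DROP;                   /* failure handled: skip the body */
        } else {
            memcpy(c->pkt, c->hdr, HDR_LEN);
            c->state = RX_BODY;
        }
    } else if (c->state == RX_BODY) {
        c->pkt[c->have++] = b;                    /* have < need == allocated size */
    } else {
        c->have++;                                /* RX_DROP: count, store nothing */
    }
    if (c->have == c->need) {                     /* packet boundary reached */
        if (c->state == RX_DROP) c->dropped++; else c->delivered++;
        rx_reset(c);
    }
}
void rx_feed(struct rx_ctx *c, const uint8_t *p, size_t n) {
    while (n--) rx_byte(c, *p++);
}
```

Discarding exactly the announced number of body bytes keeps the parser aligned on the next packet boundary, so a single oversized packet costs one dropped packet rather than corrupted state.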

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
