OOB Access Vulnerability in get_att_search_list
CVE-2024-6137

7.6 HIGH

Key Information:

Status
Vendor
CVE Published: 13 September 2024

What is CVE-2024-6137?

An out-of-bounds access vulnerability has been identified in the Bluetooth Classic Service Discovery Protocol (SDP) implementation in Zephyr RTOS, in the get_att_search_list function. The flaw can lead to data corruption or unexpected behavior, and affected versions may allow an attacker to exploit it, potentially compromising the system's integrity. Users of affected versions should apply the latest patches to mitigate the risk.

Affected Version(s)

Zephyr * <= 3.6

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
