Bluetooth Broadcast Assistant Vulnerability in Zephyr RTOS
CVE-2026-10660

6.4MEDIUM

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-10660?

The Bluetooth Broadcast Assistant in Zephyr RTOS contains a vulnerability that allows the reassembly of remote Broadcast Receive State data into a shared static buffer, leading to potential memory corruption and denial of service. When connected to multiple Scan Delegator devices, notification and long-read callbacks can interleave on this shared buffer. The lack of tailroom checks allows data from different connections to overwrite each other's memory, causing out-of-bounds writes and cross-connection data corruption. The fix involves moving to a per-connection buffer, ensuring data isolation between connections.

Affected Version(s)

zephyr 3.6.0 < 4.5.0

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.